Re: L2TP/IPSec VPN Connection



Sorry, I guess I wasn't clear about my problem.

The error on the client side says something like "the remote server can't be
reached" and the connection process is canceled. Examining the log I found
the lines

Mar 8 10:57:58 localhost kernel: IKE: IKE --INVALID_PAYLOAD_LENGTH
(0x2004) -- peer 148.221.140.224

Could anybody help me to understand and fix my problem?
Thanks.

Carlos Jones


"Carlos Jones" <cjones@xxxxxxxxxxxxxx> wrote in message
news:%23CTxmIuQGHA.224@xxxxxxxxxxxxxxxxxxxxxxx
Hello all,

I am trying to enable VPN connections to a W2K3 domain for employees,
here are the facts:

- Windows Server 2003 Standard Edition (DC, DNS Server, RRAS)
- 2Wire 1701HG Gateway for internet access with static IP (Routing
disabled)
- 3Com OfficeConnect VPN Firewall (DHCP, VPN Server)
- Windows XP Pro clients with no additional VPN software.

I am able to connect via PPTP but with poor performance, when I change
the protocol to L2TP/IPSec with preshared key I get an error, the
following is from the firewall log:


Mar 8 10:57:57 localhost kernel: IKE: IKE -- MainMode -- responder
received message1 from 148.221.140.224, port 500->500.
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Proposal 1 -- protocol
PROTO_ISAKMP, with 5 transforms
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 1 -- KEY_IKE, index
= 1
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription -- MODP_2048
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 2 -- KEY_IKE, index
= 2
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription -- MODP_1024
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 3 -- KEY_IKE, index
= 3
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- MD5_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription -- MODP_1024
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 4 -- KEY_IKE, index
= 4
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- DES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription -- MODP_768
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 5 -- KEY_IKE, index
= 5
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- DES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- MD5_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription -- MODP_768
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Peer supports NAT-T, on draft
2
Mar 8 10:57:57 localhost kernel: IKE: IKE --PHASE1_STARTED_BY_PEER -- peer
148.221.140.224
Mar 8 10:57:57 localhost kernel: IKE: IKE -- MainMode -- responder sent
out response message1 to 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder
received message2 from 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE -- Peer IP seen: 148.221.140.224
Mar 8 10:57:58 localhost kernel: IKE: IKE -- Local IP: 201.155.x.y (here
goes my static IP, I purposely changed it to submit it here)
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder sent
out response message2 to 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder
received message3 from 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE --INVALID_PAYLOAD_LENGTH
(0x2004) -- peer 148.221.140.224
Mar 8 10:58:37 localhost kernel: IKE: IKE --PHASE1_NEGOTIATION_ABORT --
peer 148.221.140.224
Mar 8 10:59:02 localhost kernel: IKE: IKE --INVALID_COOKIE (0x4) -- peer
148.221.140.224


I really appreciate your help.
Thank you in advance.

Carlos Jones.
