Re: L2TP/IPSec VPN Connection



Have you taken care of the following?
1) Is IPSEC service running on both the client and server?
2) Is the preshared key set correctly on the server?
3) I don't actually get your configuration properly. If you have a NAT in
front of your client, check if this is the issue
http://support.microsoft.com/kb/818043
http://support.microsoft.com/default.aspx?scid=kb;en-us;885348

--
Thanks,
Janani [MSFT]
---------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no
rights."

"Carlos Jones" <cjones@xxxxxxxxxxxxxx> wrote in message
news:uhkNVi6QGHA.4740@xxxxxxxxxxxxxxxxxxxxxxx
The upgrade didn't work.

"beb" <someone@xxxxxxxxxxxxx> wrote in message
news:O$p6ktzQGHA.1688@xxxxxxxxxxxxxxxxxxxxxxx
Check the firmware on your firewall/vpn device and update it.

"Carlos Jones" <cjones@xxxxxxxxxxxxxx> wrote in message
news:ONsdfexQGHA.224@xxxxxxxxxxxxxxxxxxxxxxx
Sorry, I guess I wasn't clear about my problem.

The error on the client side says something like "the remote server
can't be reached" and the connection process is canceled. Examining the
log I found the lines

Mar 8 10:57:58 localhost kernel: IKE: IKE --INVALID_PAYLOAD_LENGTH
(0x2004) -- peer 148.221.140.224

Could anybody help me to understand and fix my problem?
Thanks.

Carlos Jones


"Carlos Jones" <cjones@xxxxxxxxxxxxxx> wrote in message
news:%23CTxmIuQGHA.224@xxxxxxxxxxxxxxxxxxxxxxx
Hello all,

I am trying to enable VPN connections to a W2K3 domain for employees,
here are the facts:

- Windows Server 2003 Standard Edition (DC, DNS Server, RRAS)
- 2Wire 1701HG Gateway for internet access with static IP (Routing
disabled)
- 3Com OfficeConnect VPN Firewall (DHCP, VPN Server)
- Windows XP Pro clients with no additional VPN software.

I am able to connect via PPTP but with poor performance, when I
change the protocol to L2TP/IPSec with preshared key I get an error,
the following is from the firewall log:


Mar 8 10:57:57 localhost kernel: IKE: IKE -- MainMode -- responder
received message1 from 148.221.140.224, port 500->500.
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Proposal 1 -- protocol
PROTO_ISAKMP, with 5 transforms
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 1 -- KEY_IKE,
index = 1
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption --
TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_2048
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 2 -- KEY_IKE,
index = 2
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption --
TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_1024
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 3 -- KEY_IKE,
index = 3
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption --
TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- MD5_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_1024
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 4 -- KEY_IKE,
index = 4
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- DES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_768
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 5 -- KEY_IKE,
index = 5
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- DES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- MD5_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_768
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Authentication --
PRESHARED_KEY
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeType -- SECONDS
Mar 8 10:57:57 localhost kernel: IKE: IKE -- LifeDuration -- 28800
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Peer supports NAT-T, on
draft 2
Mar 8 10:57:57 localhost kernel: IKE: IKE --PHASE1_STARTED_BY_PEER --
peer 148.221.140.224
Mar 8 10:57:57 localhost kernel: IKE: IKE -- MainMode -- responder sent
out response message1 to 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder
received message2 from 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE -- Peer IP seen:
148.221.140.224
Mar 8 10:57:58 localhost kernel: IKE: IKE -- Local IP: 201.155.x.y
(here goes my static IP, I purposely changed it to submit it here)
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder sent
out response message2 to 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder
received message3 from 148.221.140.224, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE --INVALID_PAYLOAD_LENGTH
(0x2004) -- peer 148.221.140.224
Mar 8 10:58:37 localhost kernel: IKE: IKE --PHASE1_NEGOTIATION_ABORT --
peer 148.221.140.224
Mar 8 10:59:02 localhost kernel: IKE: IKE --INVALID_COOKIE (0x4) --
peer 148.221.140.224


I really appreciate your help.
Thank you in advance.

Carlos Jones.
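
An added example, not part of any post in this thread: a small Python parser for a firewall log in the format quoted above. It rejoins the mail-wrapped lines, lists the Phase 1 transforms the client offered, and reports which Main Mode message was the last one received before the first error code. The sample log is constructed (192.0.2.10 is a documentation address), and the `WEAK` set is this example's own assumption about which offered values deserve attention.

```python
import re
# Constructed sample in the firewall's log format, wrapped the way the post is.
SAMPLE = """\
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 1 -- KEY_IKE,
index = 1
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption --
TRIPLEDES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- SHA_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_1024
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Transform 2 -- KEY_IKE,
index = 2
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Encryption -- DES_CBC
Mar 8 10:57:57 localhost kernel: IKE: IKE -- Hash -- MD5_HASH
Mar 8 10:57:57 localhost kernel: IKE: IKE -- GroupDescription --
MODP_768
Mar 8 10:57:58 localhost kernel: IKE: IKE -- MainMode -- responder
received message3 from 192.0.2.10, port 500->500.
Mar 8 10:57:58 localhost kernel: IKE: IKE --INVALID_PAYLOAD_LENGTH
(0x2004) -- peer 192.0.2.10
"""
STAMP = r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d "
WEAK = {"DES_CBC", "MD5_HASH", "MODP_768"}  # assumption: values to flag

def unwrap(text):
    """Rejoin wrapped entries: a newline not followed by a syslog timestamp is a wrap."""
    return re.sub(r"\n(?!" + STAMP + ")", " ", text.strip()).splitlines()

def summarize(text):
    """Return (transforms, last message received, first error code, weak transform ids)."""
    transforms, last_msg, error = [], None, None
    for line in unwrap(text):
        body = line.split("IKE: IKE", 1)[-1]
        fields = [f.strip() for f in body.split("--") if f.strip()] or [""]
        if fields[0].startswith("Transform "):
            transforms.append({"id": int(fields[0].split()[1])})
        elif fields[0] in ("Encryption", "Hash", "GroupDescription") and transforms:
            transforms[-1][fields[0]] = fields[1]
        elif m := re.search(r"received (message\d)", body):
            last_msg = m.group(1)
        elif error is None and re.match(r"[A-Z_]+ \(0x[0-9a-fA-F]+\)", fields[0]):
            error = fields[0].split()[0]
    weak_ids = [t["id"] for t in transforms if WEAK & set(t.values())]
    return transforms, last_msg, error, weak_ids

if __name__ == "__main__":
    print(summarize(SAMPLE))
```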








