Vpn l2tp

#16
Re: Vpn l2tp

After I checked the router,

it is supporting NAT-T and allows L2TP access
(D-Link DI-604).

So again I ask: what can be the problem?
Since the network does pass the router and initiates main mode and quick mode,

what can be done?

Maybe something in the client might be wrong?
(Other things than certs.)

#17
Re: Vpn l2tp

Have you already tried to make the logging I told you earlier?
Have you SP1 installed (remember the bug I mentioned earlier)?
Marcel
Technical Consultant
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
"No matter how secure, there is always the human factor."

"Enjoy life today, tomorrow may never come."
"If you're going through hell, keep going. ~Winston Churchill"

#18
Re: Vpn l2tp

Again, in your original post you said that a computer on the internal network can successfully make an L2TP connection to the server, so don't spend any more time looking at the client computer or the server. Look at your firewall; there is something there that is causing the problem.

#19
Re: Vpn l2tp

Joe,
With the logging enabled you can make sure that the firewall correctly passed the requests through.
You can see exactly what kind of connection he's trying to set up and why it fails.
Yes, you can point to the firewall, but are you really sure that the problem lies there?
Can't it be the firewall on the remote site?

Edit -
The logging I meant is this one:
http://forums.petri.com/showpost.php...76&postcount=7
Last edited by Dumber; 7th April 2008, 20:46.
Marcel

#20
Re: Vpn l2tp

Yes, I did log...
I wrote the error in a message.

Here it is again:

IKE security association negotiation failed.
Mode:
Key Exchange Mode (Main Mode)

Filter:
Source IP Address 192.168.0.100
Source IP Address Mask 255.255.255.255
Destination IP Address 79.177.113.*
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 192.168.0.100
IKE Peer Addr 79.177.113.*
IKE Source Port 4500
IKE Destination Port 0
Peer Private Addr

Peer Identity:
Certificate based Identity.
Peer IP Address: 79.177.113.*

Failure Point:
Me

Failure Reason:
Negotiation timed out

Extra Status:
Processed second (KE) payload
Responder. Delta Time 63
0x0 0x0

(I used * to hide part of the IP (client).)

It's SP2 with all latest updates.


Joe:
Internally it's working.
I meant: do I need to configure something else besides certs on the remote client
(not part of the domain)
to make it work?

In the sniffer you see the traffic;
there are a lot of ISAKMP packets going back and forth,
so I don't think a firewall is blocking the connection...
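A small triage helper for the Windows IPsec audit event quoted in the post above, added here as an example and not code from the thread, from Microsoft or from the forum. It splits the free-text event into its sections and fields so the values can be compared against the firewall log and the sniffer capture, then turns the "Negotiation timed out" after the KE payload into the checks a troubleshooter would want to run next. The sample event is a constructed copy of the post's text with the peer address masked exactly as the poster masked it; the finding tags (`nat_t_in_use`, `stalled_after_ke`, `cert_payload_fragmentation`) are names chosen for this example, not anything the event format defines.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the audit event text from the post, peer address masked as posted.
SAMPLE_EVENT = """IKE security association negotiation failed.
Mode:
Key Exchange Mode (Main Mode)

Filter:
Source IP Address 192.168.0.100
Source IP Address Mask 255.255.255.255
Destination IP Address 79.177.113.*
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr 192.168.0.100
IKE Peer Addr 79.177.113.*
IKE Source Port 4500
IKE Destination Port 0
Peer Private Addr

Peer Identity:
Certificate based Identity.
Peer IP Address: 79.177.113.*

Failure Point:
Me

Failure Reason:
Negotiation timed out

Extra Status:
Processed second (KE) payload
Responder. Delta Time 63
0x0 0x0
"""


@dataclass
class IkeFailure:
    mode: str = ""
    identity_type: str = ""
    failure_point: str = ""
    failure_reason: str = ""
    role: str = ""
    delta_time: int = -1
    extra_status: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)


# "Key Value" lines in the Filter section: the value is an address, mask or port.
FILTER_LINE = re.compile(r"^([A-Za-z ]+?)\s+([\d.*]+)$")
ROLE_LINE = re.compile(r"^(Initiator|Responder)\. Delta Time (\d+)$")
SCALAR = {"Failure Point": "failure_point", "Failure Reason": "failure_reason"}


def parse_ike_failure(text):
    ev = IkeFailure()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (section is None and not line.endswith(":")):
            continue  # blanks and the summary line before the first section
        if line.endswith(":"):
            section = line[:-1]
            continue
        if section == "Mode":
            m = re.search(r"\((.+)\)", line)
            ev.mode = m.group(1) if m else line
        elif section == "Filter":
            m = FILTER_LINE.match(line)
            ev.fields[m.group(1) if m else line] = m.group(2) if m else ""
        elif section == "Peer Identity":
            if ": " in line:
                key, value = line.split(": ", 1)
                ev.fields[key] = value
            else:
                ev.identity_type = line
        elif section in SCALAR:
            setattr(ev, SCALAR[section], line)
        elif section == "Extra Status":
            ev.extra_status.append(line)
            m = ROLE_LINE.match(line)
            if m:
                ev.role, ev.delta_time = m.group(1), int(m.group(2))
    return ev


def triage(ev):
    # Hints to verify in the capture or on the firewall, not a diagnosis.
    findings = []
    if ev.fields.get("IKE Source Port") == "4500":
        # IKE moved to UDP 4500, so NAT-T was negotiated; UDP 4500 must pass
        # in both directions on every device in the path, not just UDP 500.
        findings.append("nat_t_in_use")
    if (ev.mode == "Main Mode" and ev.failure_reason == "Negotiation timed out"
            and any("(KE) payload" in s for s in ev.extra_status)):
        # Key exchange (messages 3/4) completed; the timeout hit while waiting
        # for messages 5/6, which carry identity and authentication.
        findings.append("stalled_after_ke")
        if ev.identity_type.startswith("Certificate"):
            # With certificate auth messages 5/6 carry the certificates and
            # usually exceed the path MTU, so they travel as IP fragments; a
            # firewall dropping fragments produces exactly this timeout.
            findings.append("cert_payload_fragmentation")
    return findings


if __name__ == "__main__":
    event = parse_ike_failure(SAMPLE_EVENT)
    print(event.mode, event.role, event.failure_reason, triage(event))
```

Run it against the event from both the client and the server: if the server's copy of the same negotiation also stops after the KE payload, the messages that carry the certificates are being lost in between, which is where the filter and fragment settings on the firewall come in.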

#21
Re: Vpn l2tp

Are you running the packet sniffer on the client, the server, or both? I would run it on both and enable conversations if you're using Microsoft Network Monitor 3, that way you can track the conversations to make sure you are seeing all the traffic from the same "session". You'll want to look for traffic in both directions on both the client and the server for each conversation to see where it is encountering a problem.

#22
Re: Vpn l2tp

Does the firewall have IP fragments enabled?
Marcel