We are using a L2TP/IPSEC 3DES Microsoft VPN at our company. Within the last 3 weeks (it worked prior to this), staff cannot connect simultaneously from locations where they are NAT'ed to the same external, publicly routable IP address. We were able to connect with the same NAT'ed to external IP address up until around 3 weeks ago. We do have the NAT-T patch AND/OR Windows XP Service Pack 2 inplace to allow NAT IPs to be able to connect the VPN. The staff PCs are ALL running Windows XP and the VPN server is running Windows 2003 Server. IF PC1 connects to the VPN, they connect fine. If PC2 (both in the same location with the same NAT'ed IP) PC2 gets the following error:
Error 678 "The remote computer did not respond"
If PC1 disconnects, then PC2 can connect and if PC1 then tries to reconnect, it gets the same error. The problem seems to be SPECIFICALLY tied to the fact that the PCs have the same IP address to the outside world (they do have differnet Private IP address's when ipconfig is ran). I have looke over my VPN server setting and dont know if anything has changed there, although it could have, and our firewall seems to let he traffic through.
When I watch the firewall log the traffic, the first PC sends both NAT-T and ISAKMP and connects fine. The second PC to connect sends ust ISAKMP and gets the 678 error. We have not changed our rules in the Corporate Firewall.
Has there been a patched released that may have broken the ability to connect to our L2TP/IPSEC Windows VPN? Is there a setting that may have been misconfigured? Any ideas where I should start looking?
Thanks!
Start Free Trial
