Windows 2003 Server to Server L2TP VPN troubleshooting and correct setup
Posted on 2006-05-23
I have been unsuccessful in setting up an L2TP VPN between two Windows 2003 Standard servers. I did make sure that the proper ports are open and such and was also able to generically test the connection from my PC with a PPTP VPN connection. The PPTP worked w/o problems.
The issue that I have run into is that the server is not responding to the remote server or client workstation when I switch to L2TP. And the problem with trying to fix this is that I have read so many different docs on setting up L2TP VPNs that I have been confused to the point that I am mixing up methods and can't determine the proper configuration.
For starters, these are NOT Active Directory computers, which makes things instantly more difficult.
Assume that Routing and Remote Access is installed correctly and let's focus on just the security issues involved with L2TP. The same SSL cert is installed on both machines and is from a trusted root provider. This eliminates the setup of my own CAs from what I have read. In the RRAS properties I have allowed EAP and MS-CHAP v2. Both the Authentication and Accounting providers are Windows.
The RAS policy is set up for Encryption to allow any method and the Authentication is set up to allow EAP with PEAP configured to use the SSL cert installed and MS-CHAP v2 is also allowed.
The VPN adapter has been set up to use optional encryption and smart card or other cert with the "use simple cert selection" box checked.
The Dial-In Account was created and set up correctly.
The Error: A Demand Dial connection to the remote interface VPN_NY_U15197371 on port VPN3-241 was successfully initiated but failed to complete successfully because of the following error: The remote computer did not respond. For further assistance, click More Info or search Help and Support Center for this error number.
The Error Number: 20111
Thanks in advance for your help!