laytonblackham

Creating a L2TP over IPSEC VPN from Windows XP SP2 to a Netscreen 50 advanced

Hi, below is what I have

Remote A

Windows XP SP2, connected to an ADSL via a Draytek 2600G which is doing NAT

Main Office

Netscreen 50 Advanced 5.3 r3.0

What I want to do is create an L2TP with IPSEC using a pre-shared key. How do I do this?
I have read various documents, but can't get it working.

The error I am getting on the Netscreen is that the pre-shared key may not match.

Where do I set the type of security on the Windows XP client?

Also, I forgot to say I am using the native VPN client on the Windows XP PC and not a remote client.

Thanks

James
pseudocyber

L2TP and IPSEC are two different types of protocols for VPN.  To my knowledge, they're NOT compatible.  Are you trying to tunnel inside a tunnel?  Or one end L2TP and the other IPSEC?
laytonblackham

ASKER

I think they are compatible. L2TP is the tunnelling protocol and IPSEC is the security. I know you can have AH or ESP with IPSEC.
I am positive I cannot use IPSEC with AH behind NAT, as NAT will change the IP when NAT is applied.
I know I can use IPSEC with ESP with certs behind NAT, but I'm not sure if I can use a pre-shared key or not.
Steve Jennings

laytonblackham, you are correct, you can't use NAT and IPSEC w/ AH. There's no reason that the pre-shared key won't work provided.

Check this out:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml

Good luck,
Steve
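The AH-versus-ESP point discussed in the posts above, as an added example that is not part of the original thread: a simplified Python model of which bytes each protocol's integrity check covers, and what happens when a NAT device rewrites the source address. The key, addresses, SPI and payload are constructed sample values, and the packet layout is reduced to header + body + 12-byte ICV.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-integrity-key"   # constructed sample key, not a real PSK
AH, ESP = 51, 50                     # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # 20-byte IPv4 header without options; checksum left at 0 in this model.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    # HMAC-SHA1-96: HMAC-SHA1 truncated to 12 bytes.
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_covered(hdr, body):
    # AH authenticates the IP header with mutable fields zeroed, so the
    # source and destination addresses ARE part of the checked data.
    h = bytearray(hdr)
    h[1] = 0                # TOS
    h[6:8] = b"\x00\x00"    # flags and fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return bytes(h) + body

def build(src, dst, proto):
    body = struct.pack("!II", 0x1000, 1) + b"constructed L2TP payload"  # SPI, seq, data
    hdr = ipv4_header(src, dst, proto, len(body) + 12)
    covered = ah_covered(hdr, body) if proto == AH else body  # ESP skips the IP header
    return hdr + body + icv(covered)

def verify(packet):
    hdr, body, tag = packet[:20], packet[20:-12], packet[-12:]
    covered = ah_covered(hdr, body) if hdr[9] == AH else body
    return hmac.compare_digest(tag, icv(covered))

def forward(packet, nat_src=None):
    # Every hop decrements TTL; a NAT hop also rewrites the source address.
    p = bytearray(packet)
    p[8] -= 1
    if nat_src:
        p[12:16] = socket.inet_aton(nat_src)
    return bytes(p)

if __name__ == "__main__":
    for name, proto in (("AH", AH), ("ESP", ESP)):
        pkt = build("192.168.1.10", "198.51.100.1", proto)
        print(name, "routed:", verify(forward(pkt)),
              "NATed:", verify(forward(pkt, "203.0.113.5")))
```

The model covers only the integrity check; it does not represent IKE negotiation or pre-shared key authentication.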
ASKER CERTIFIED SOLUTION
Steve Jennings
