Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

L2TP VPN RRAS Demand Dial

Posted on 2006-11-29
4
1,374 Views
Last Modified: 2012-06-27
Hello

I'm trying to do something simple however it has turned into something complicated. I have two sites and trying to create a VPN tunnel using RRAS server. PPTP is working fine however If I try to switch it to L2TP I get security errors in event viewer like below:

A Demand Dial connection to the remote interface REAL VPN on port VPN2-4 was successfully initiated but failed to complete successfully because of the  following error: The L2TP connection attempt failed because security negotiation timed out.

It has to be something simple...anyone have any ideas? I have the approrpiate 1701 UDP port forwarded.

Regards

Dan

0
Comment
Question by:dcarrion
  • 2
  • 2
4 Comments
 

Author Comment

by:dcarrion
ID: 18043153
Okay I followed some instructions which shows how to setup L2TP to use preshared key with RRAS. This involves setting registry key for ProhibitIpSec to 1 and setting a preshared key authentication in the mmc snapin. I can connect locally but when I try to connect over the internet it chucks an error back.

I have forwarded port 500 and 1701
0
 
LVL 2

Accepted Solution

by:
The_Maverick earned 500 total points
ID: 18043368
I've had a bit of a wrestling match over the last week with L2TP. Needing the pre-shared key was one trap (I see that you've already discovered that one) - the other "gotcha" (got me anyway!) was that, apparantly, you can't use L2TP if it's going through any kind of NAT or NPT router (which I was).

Not sure if this applies to you or not, but thought it might help.

Also, have a read of ...

http://support.microsoft.com/default.aspx/kb/259335

Cheers,

Mav.
0
 

Author Comment

by:dcarrion
ID: 18044138
I think the problem I am having is that I am trying to use IPSec VPN behind NAT on a windows 2000 RRAS server. Apparently this doesn't support the new NAT-T (transparent) features...I guess I'm going to have to move onto windows server 2003 RRAS server or hardware VPN routers... thanks anyway guys...any other suggestions please let me know.
0
 
LVL 2

Expert Comment

by:The_Maverick
ID: 18050644
Thanks "dcarrion" :)

I was trying to impliment mine on a Windows Server 2003 R2 Box, but had to settle for PPTP in the end - reading through the MS article that I posted the link for I was left with the impression that it was the NAT box (Zyxel Router) that was doing the corrupting of the packets, but I could be wrong.

I suppose you know that you can download a 6 month trial of WinSvr 2003R2 from MS for nothing to try?

Cheers,

Mav
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Client lost connection to AP controlled by Cisco WLC2504 3 40
VLAN Question 13 44
asset tags - importance 3 30
What is an ASP Table on a Cisco ASA? 3 22
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question