Solved

L2TP VPN RRAS Demand Dial

Posted on 2006-11-29
4
1,367 Views
Last Modified: 2012-06-27
Hello

I'm trying to do something simple however it has turned into something complicated. I have two sites and trying to create a VPN tunnel using RRAS server. PPTP is working fine however If I try to switch it to L2TP I get security errors in event viewer like below:

A Demand Dial connection to the remote interface REAL VPN on port VPN2-4 was successfully initiated but failed to complete successfully because of the  following error: The L2TP connection attempt failed because security negotiation timed out.

It has to be something simple...anyone have any ideas? I have the approrpiate 1701 UDP port forwarded.

Regards

Dan

0
Comment
Question by:dcarrion
  • 2
  • 2
4 Comments
 

Author Comment

by:dcarrion
ID: 18043153
Okay I followed some instructions which shows how to setup L2TP to use preshared key with RRAS. This involves setting registry key for ProhibitIpSec to 1 and setting a preshared key authentication in the mmc snapin. I can connect locally but when I try to connect over the internet it chucks an error back.

I have forwarded port 500 and 1701
0
 
LVL 2

Accepted Solution

by:
The_Maverick earned 500 total points
ID: 18043368
I've had a bit of a wrestling match over the last week with L2TP. Needing the pre-shared key was one trap (I see that you've already discovered that one) - the other "gotcha" (got me anyway!) was that, apparantly, you can't use L2TP if it's going through any kind of NAT or NPT router (which I was).

Not sure if this applies to you or not, but thought it might help.

Also, have a read of ...

http://support.microsoft.com/default.aspx/kb/259335

Cheers,

Mav.
0
 

Author Comment

by:dcarrion
ID: 18044138
I think the problem I am having is that I am trying to use IPSec VPN behind NAT on a windows 2000 RRAS server. Apparently this doesn't support the new NAT-T (transparent) features...I guess I'm going to have to move onto windows server 2003 RRAS server or hardware VPN routers... thanks anyway guys...any other suggestions please let me know.
0
 
LVL 2

Expert Comment

by:The_Maverick
ID: 18050644
Thanks "dcarrion" :)

I was trying to impliment mine on a Windows Server 2003 R2 Box, but had to settle for PPTP in the end - reading through the MS article that I posted the link for I was left with the impression that it was the NAT box (Zyxel Router) that was doing the corrupting of the packets, but I could be wrong.

I suppose you know that you can download a 6 month trial of WinSvr 2003R2 from MS for nothing to try?

Cheers,

Mav
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now