Solved

L2TP VPN RRAS Demand Dial

Posted on 2006-11-29
Last Modified: 2012-06-27
Hello

I'm trying to do something simple; however, it has turned into something complicated. I have two sites and am trying to create a VPN tunnel using an RRAS server. PPTP is working fine; however, if I try to switch it to L2TP I get security errors in Event Viewer like the one below:

A Demand Dial connection to the remote interface REAL VPN on port VPN2-4 was successfully initiated but failed to complete successfully because of the  following error: The L2TP connection attempt failed because security negotiation timed out.

It has to be something simple... anyone have any ideas? I have the appropriate 1701 UDP port forwarded.

Regards

Dan

Question by:dcarrion

Author Comment

by:dcarrion
ID: 18043153
Okay, I followed some instructions which show how to set up L2TP to use a preshared key with RRAS. This involves setting the registry key for ProhibitIpSec to 1 and setting a preshared key authentication in the MMC snap-in. I can connect locally, but when I try to connect over the internet it chucks an error back.

I have forwarded ports 500 and 1701.

Accepted Solution

by:
The_Maverick earned 1500 total points
ID: 18043368
I've had a bit of a wrestling match over the last week with L2TP. Needing the pre-shared key was one trap (I see that you've already discovered that one) - the other "gotcha" (got me anyway!) was that, apparently, you can't use L2TP if it's going through any kind of NAT or NPT router (which I was).

Not sure if this applies to you or not, but thought it might help.

Also, have a read of ...

http://support.microsoft.com/default.aspx/kb/259335

Cheers,

Mav.

Author Comment

by:dcarrion
ID: 18044138
I think the problem I am having is that I am trying to use IPSec VPN behind NAT on a Windows 2000 RRAS server. Apparently this doesn't support the new NAT-T (transparent) features... I guess I'm going to have to move on to Windows Server 2003 RRAS server or hardware VPN routers... thanks anyway guys... any other suggestions, please let me know.

Expert Comment

by:The_Maverick
ID: 18050644
Thanks "dcarrion" :)

I was trying to implement mine on a Windows Server 2003 R2 box, but had to settle for PPTP in the end - reading through the MS article that I posted the link for, I was left with the impression that it was the NAT box (Zyxel Router) that was doing the corrupting of the packets, but I could be wrong.

I suppose you know that you can download a 6 month trial of WinSvr 2003R2 from MS for nothing to try?

Cheers,

Mav
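
An added example, not part of any post in this thread: a check for the NAT-T question raised above, which reads the UDP 500 payload of an IKEv1 Main Mode packet and reports whether the sender advertises the RFC 3947 NAT-T vendor ID. The function names and both sample packets are constructed for illustration, and vendor IDs used by pre-RFC NAT-T drafts are not matched.

```python
import hashlib
import struct

# RFC 3947 defines the NAT-T vendor ID as the MD5 hash of the string "RFC 3947".
NAT_T_VID = hashlib.md5(b"RFC 3947").digest()
PAYLOAD_NONE, PAYLOAD_SA, PAYLOAD_VENDOR_ID = 0, 1, 13
# ISAKMP header: cookies, next payload, version, exchange type, flags, message ID, length
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

def vendor_ids(msg):
    """Return the Vendor ID bodies in one unencrypted IKEv1 message (UDP 500 payload)."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, next_payload, _, _, flags, _, total = ISAKMP_HDR.unpack_from(msg)
    if flags & 0x01:
        raise ValueError("encrypted message: payload chain is not readable")
    if total != len(msg):
        raise ValueError("length field does not match datagram size")
    found, offset = [], ISAKMP_HDR.size
    while next_payload != PAYLOAD_NONE:
        if offset + 4 > total:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack_from("!BBH", msg, offset)
        if plen < 4 or offset + plen > total:
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_VENDOR_ID:
            found.append(msg[offset + 4:offset + plen])
        next_payload, offset = following, offset + plen
    return found

def offers_nat_t(msg):
    """True if the sender advertises RFC 3947 NAT-T; both peers must for it to be used."""
    return NAT_T_VID in vendor_ids(msg)

def build(payloads):
    """Constructed sample data: a Main Mode message from (payload type, body) pairs."""
    types = [p[0] for p in payloads] + [PAYLOAD_NONE]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, 4 + len(data)) + data
                    for i, (_, data) in enumerate(payloads))
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, types[0], 0x10, 2, 0, 0,
                           ISAKMP_HDR.size + len(body)) + body

# Constructed first Main Mode packets; the SA body is dummy bytes, not a real proposal.
LEGACY = build([(PAYLOAD_SA, b"\x00" * 8), (PAYLOAD_VENDOR_ID, b"constructed-vid!")])
NAT_T_CAPABLE = build([(PAYLOAD_SA, b"\x00" * 8), (PAYLOAD_VENDOR_ID, NAT_T_VID)])

if __name__ == "__main__":
    print("legacy:", offers_nat_t(LEGACY), "| NAT-T capable:", offers_nat_t(NAT_T_CAPABLE))
```

Run against the first packet captured from each peer, a `False` from either side means NAT-T will not be negotiated for that tunnel.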