L2TP VPN RRAS Demand Dial

Hello

I'm trying to do something simple however it has turned into something complicated. I have two sites and trying to create a VPN tunnel using RRAS server. PPTP is working fine however If I try to switch it to L2TP I get security errors in event viewer like below:

A Demand Dial connection to the remote interface REAL VPN on port VPN2-4 was successfully initiated but failed to complete successfully because of the  following error: The L2TP connection attempt failed because security negotiation timed out.

It has to be something simple...anyone have any ideas? I have the approrpiate 1701 UDP port forwarded.

Regards

Dan

dcarrionAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
The_MaverickConnect With a Mentor Commented:
I've had a bit of a wrestling match over the last week with L2TP. Needing the pre-shared key was one trap (I see that you've already discovered that one) - the other "gotcha" (got me anyway!) was that, apparantly, you can't use L2TP if it's going through any kind of NAT or NPT router (which I was).

Not sure if this applies to you or not, but thought it might help.

Also, have a read of ...

http://support.microsoft.com/default.aspx/kb/259335

Cheers,

Mav.
0
 
dcarrionAuthor Commented:
Okay I followed some instructions which shows how to setup L2TP to use preshared key with RRAS. This involves setting registry key for ProhibitIpSec to 1 and setting a preshared key authentication in the mmc snapin. I can connect locally but when I try to connect over the internet it chucks an error back.

I have forwarded port 500 and 1701
0
 
dcarrionAuthor Commented:
I think the problem I am having is that I am trying to use IPSec VPN behind NAT on a windows 2000 RRAS server. Apparently this doesn't support the new NAT-T (transparent) features...I guess I'm going to have to move onto windows server 2003 RRAS server or hardware VPN routers... thanks anyway guys...any other suggestions please let me know.
0
 
The_MaverickCommented:
Thanks "dcarrion" :)

I was trying to impliment mine on a Windows Server 2003 R2 Box, but had to settle for PPTP in the end - reading through the MS article that I posted the link for I was left with the impression that it was the NAT box (Zyxel Router) that was doing the corrupting of the packets, but I could be wrong.

I suppose you know that you can download a 6 month trial of WinSvr 2003R2 from MS for nothing to try?

Cheers,

Mav
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.