Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

L2TP VPN RRAS Demand Dial

Posted on 2006-11-29
4
Medium Priority
?
1,390 Views
Last Modified: 2012-06-27
Hello

I'm trying to do something simple however it has turned into something complicated. I have two sites and trying to create a VPN tunnel using RRAS server. PPTP is working fine however If I try to switch it to L2TP I get security errors in event viewer like below:

A Demand Dial connection to the remote interface REAL VPN on port VPN2-4 was successfully initiated but failed to complete successfully because of the  following error: The L2TP connection attempt failed because security negotiation timed out.

It has to be something simple...anyone have any ideas? I have the approrpiate 1701 UDP port forwarded.

Regards

Dan

0
Comment
Question by:dcarrion
  • 2
  • 2
4 Comments
 

Author Comment

by:dcarrion
ID: 18043153
Okay I followed some instructions which shows how to setup L2TP to use preshared key with RRAS. This involves setting registry key for ProhibitIpSec to 1 and setting a preshared key authentication in the mmc snapin. I can connect locally but when I try to connect over the internet it chucks an error back.

I have forwarded port 500 and 1701
0
 
LVL 2

Accepted Solution

by:
The_Maverick earned 1500 total points
ID: 18043368
I've had a bit of a wrestling match over the last week with L2TP. Needing the pre-shared key was one trap (I see that you've already discovered that one) - the other "gotcha" (got me anyway!) was that, apparantly, you can't use L2TP if it's going through any kind of NAT or NPT router (which I was).

Not sure if this applies to you or not, but thought it might help.

Also, have a read of ...

http://support.microsoft.com/default.aspx/kb/259335

Cheers,

Mav.
0
 

Author Comment

by:dcarrion
ID: 18044138
I think the problem I am having is that I am trying to use IPSec VPN behind NAT on a windows 2000 RRAS server. Apparently this doesn't support the new NAT-T (transparent) features...I guess I'm going to have to move onto windows server 2003 RRAS server or hardware VPN routers... thanks anyway guys...any other suggestions please let me know.
0
 
LVL 2

Expert Comment

by:The_Maverick
ID: 18050644
Thanks "dcarrion" :)

I was trying to impliment mine on a Windows Server 2003 R2 Box, but had to settle for PPTP in the end - reading through the MS article that I posted the link for I was left with the impression that it was the NAT box (Zyxel Router) that was doing the corrupting of the packets, but I could be wrong.

I suppose you know that you can download a 6 month trial of WinSvr 2003R2 from MS for nothing to try?

Cheers,

Mav
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question