SBS 2003 l2tp port issue

I would need someone to test something for me.
I have been working with Microsoft support (for hours) on a VPN port issue and we are at odds.

Our server was running PPTP VPN connections with no problems, but I have to change to L2TP
for various reasons.
On my server I can telnet (telnet localhost 1723) and I don't get the port not open error, so it is working.
I go through the procedure to set up L2TP with a pre-shared key. I also get the MS tech to look at the settings, so everything looks right.
But from the server I cannot telnet localhost on port 500 or 1701.

Could someone who is running L2TP try to telnet to 500 and 1701 from their server and see if they get an answer?

The MS tech just turned around and blamed my router or the XP client or SP2.

Any help would be appreciated.

Thank you

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
Then you should review this Netopia document about passthrough configurations:

At one time, Netopia routers didn't support IPSec Transfer; they would only work as the VPN endpoint. So I don't even use them in my deployments. Therefore, I can't vouch for whether their above instructions will work for you.

Jeffrey Kane - TechSoEasy, Principal Consultant, Commented:
You can't use telnet to port 500 and 1701 because for L2TP you don't enable the TCP ports; they're UDP. So if you want to test the connectivity you can use portqry.exe, but doing that for localhost is a bit unnecessary since the ports will be open internally.

If you've enabled the IPSec Policy for L2TP connection in RRAS Security properties and entered a valid pre-shared key, then I would probably concur with the Microsoft Tech that the problem is either in your router or on the remote end.  

What make/model router are you using?  
Does it have L2TP Passthrough enabled?  
Do you have the ports open on the router as UDP or did you set them as TCP?  
Is the firmware up-to-date with the latest version?  
Have you tried connecting from more than one remote machine?

Coldnorth, Author, Commented:
I assumed that much, but the MS tech is the one adamant to "telnet" to these ports on the server or on the router.

The router is a Netopia r910 with the latest firmware V8.5.0.
Ports 500, 1701 and 4500 on UDP are open and pointing to the
internal IP of the SBS server.
As per an article from the Netopia site, when port 500 is opened protocol 50 and 51 also are.

Thank you

Coldnorth, Author, Commented:
Thank you

As per Netopia, their routers do passthru L2TP properly,
so I will keep wrestling with the MS guy!
Question has a verified solution.
