SBS 2003 l2tp port issue

Posted on 2007-10-05
Medium Priority
Last Modified: 2008-01-09
I would need someone to test something for me.
I have been working with Micorsoft support ( for hours) on an vpn port issue and we are at odds.

our  server was running PPTP vpn connections with no problems but I have to change to L2TP
for various reasons.
On my server I can telnet (telnet localhost 1723) and I don't get the port not open error ,so it is working.
I go through the procedure to setup L2TP with a pre-shared key I also get the MS tech to look at the settings, so everything looks right.
But from the server I cannot telnet localhost  on port 500 or 1701.

could someone who is running l2tp try to telnet to 500 1701 from their server and  see if they get an answer???

The MS tech just turned around and blamed my router or the xp client or SP2

any help would be appreciated.

Thank you

Question by:Coldnorth
  • 2
  • 2
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20029621
You can't use telnet to port 500 and 1701 because for L2TP you don't enable the TCP ports, they're UDP.  So if you want to test the connectivity you can use portqry.exe (http://support.microsoft.com/kb/310298), but doing that for localhost is a bit unnecessary since the ports will be open internally.

If you've enabled the IPSec Policy for L2TP connection in RRAS Security properties and entered a valid pre-shared key, then I would probably concur with the Microsoft Tech that the problem is either in your router or on the remote end.  

What make/model router are you using?  
Does it have L2TP Passthrough enabled?  
Do you have the ports open on the router as UDP or did you set them as TCP?  
Is the firmware up-to-date with the latest version?  
Have you tried connecting from more than one remote machine?


Author Comment

ID: 20031219
I assumed that much but the MS tech is the one adamant to "telnet" to these ports on the server or on the router.

the router is a netopia r910 with the latest firmware V8.5.0
port 500,1701 and 4500 on UDP are open and pointing to the
internal IP of the SBS server
As per an article from the netopia site when port 500 is opened protocol 50 and 51 also are

thank you

LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 500 total points
ID: 20031523
Then you should review this Netopia document about passthrough configurations:

At one time, Netopia Routers didn't support IPSec Transfer, they would only work as the VPN Endpoint.  So I don't even use them in my deployments.  Therefore, I can't vouch for whether their above instructions will work for you.


Author Comment

ID: 20045770
Thank you

As per Netopia their routers do passthru l2tp properly.
so I will keep wrestling with the MS guy!

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month17 days, left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question