Solved

Error 678 in VPN connection

Posted on 2007-11-29
Medium Priority
1,271 Views
Last Modified: 2010-04-21
Hi there,
We are testing an L2TP/IPSec VPN connection with a pre-shared key on MS Windows 2003 Server.
The VPN works correctly when used from an ADSL line that goes through a Netgear ADSL router (UDP ports 500, 4500 and 1701 are opened) but FAILS when we use an ADSL line that goes through a CISCO 2800 router.

We can't directly view or modify the CISCO 2800 configuration, so we ask here.

We have analyzed the traffic with Ethereal, and according to the logs the communication seems to fail when communicating the ESP packet.

Can it be a problem with the CISCO 2800 configuration? Must ESP traffic be enabled to work, or is it enabled by default when ports 500 and 4500 are opened?

Please advise,
Thank you, Roberto
0
Question by:XPRoberto
5 Comments
 
LVL 21

Expert Comment

by:from_exp
ID: 20373029
ESP is a standalone type of IP protocol.
Sometimes it can be blocked by firewalls.
You can try to use UDP encapsulation (via UDP port 500).
But I'm not sure Windows Server can do that by default.

Try to allow the ESP protocol (or IP protocol 50) to pass through on your Cisco.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20373038
0
 

Author Comment

by:XPRoberto
ID: 20373089
Hi and thanks for the replies,
I've checked other posts here in EE and found that maybe this must be enabled in the router configuration:

Allow
IPSEC ESP (IP type 50)
IPSEC AH (IP type 51)

And

isakmp nat-traversal 20
to enable nat-traversal

On simpler routers (like our Netgear), are these allowed by default (or not filtered at all)?

I will send this to the tech people who can modify the router configuration and then repost the results.

Thanks, bye, Roberto
0
 
LVL 21

Accepted Solution

by:
from_exp earned 1500 total points
ID: 20373135
Always welcome!
On small home routers you usually have one check box named "Allow VPN passthrough".
In the case of Cisco, you have more options and better security.
0
 

Author Closing Comment

by:XPRoberto
ID: 31425622
Hi there!
Finally the VPN is working and I can confirm the problem was the Cisco configuration, although I can't say what the technicians have done on it. I'll add that in the case of clients with XP SP1 you need an update to ipsec.sys, which can be found in SP2 or in KB842933! Thanks, Rob
0
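
The thread turns on the fact that ESP (IP protocol 50) and AH (IP protocol 51) are IP protocols without port numbers, so opening UDP 500 and 4500 does not by itself let them through. The following is an added example, not part of the original thread: a small triage script that classifies raw IPv4 packets from a capture and reports the one-way ESP pattern described in the question. The addresses, payloads and helper names (`classify`, `triage`, `ipv4`, `udp`) are constructed for illustration, and the UDP 4500 framing checks follow RFC 3948.

```python
import socket
import struct
from collections import Counter

def classify(pkt: bytes) -> str:
    """Name the role one raw IPv4 packet plays in an L2TP/IPsec session."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto in (50, 51):          # ESP/AH carry no ports; a port rule never matches them
        return "ESP" if proto == 50 else "AH"
    if proto != 17 or len(pkt) < ihl + 8:
        return "other"
    ports = set(struct.unpack("!HH", pkt[ihl:ihl + 4]))
    data = pkt[ihl + 8:]
    if 500 in ports:
        return "IKE"
    if 4500 in ports:              # NAT traversal framing, RFC 3948
        if data == b"\xff":
            return "NAT-keepalive"
        return "IKE-NAT-T" if data[:4] == b"\0\0\0\0" else "ESP-in-UDP"
    return "L2TP" if 1701 in ports else "other"

def triage(packets, client_ip: str) -> str:
    """Compare what the client sent with what came back."""
    seen = Counter()
    for p in (p for p in packets if len(p) >= 20):
        way = "out" if socket.inet_ntoa(p[12:16]) == client_ip else "in"
        seen[way, classify(p)] += 1
    if not (seen["in", "IKE"] or seen["in", "IKE-NAT-T"]):
        return "no IKE reply: check UDP 500/4500"
    for kind, rule in (("ESP", "IP protocol 50"), ("ESP-in-UDP", "UDP 4500")):
        if seen["out", kind] and not seen["in", kind]:
            return f"IKE answered but no {kind} came back: check {rule} on the path"
    return "no one-way ESP flow found"

def ipv4(src, dst, proto, payload=b""):
    """Minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed capture (documentation addresses): IKE completes, ESP only leaves.
C, S = "192.0.2.10", "198.51.100.5"
IKE, ESP = udp(500, 500, b"\x01" * 28), b"\x00\x00\x10\x01" + bytes(16)
CAPTURE = [ipv4(C, S, 17, IKE), ipv4(S, C, 17, IKE), ipv4(C, S, 50, ESP)]
print(triage(CAPTURE, C))
```

To use it on a real trace, feed `triage` the IP-layer bytes of each frame exported from the capture tool, with the client's address as seen at the capture point.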
