[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need Help Connecting Vista VPN Client to 3com OfficeConnect Router (L2TP Server)

Posted on 2009-02-18
4
Medium Priority
?
1,765 Views
Last Modified: 2012-05-06
I recently reformatted my laptop, which meant of course that I had to reconfigure Vista's VPN client to allow me to access my home network (I connect directly to the router as an endpoint).

I can ping the router without a problem, and I set up the client exactly the same as I previously had (to my knowledge), but I get the following error when I try to connect:

"Error 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem."

What's most odd to me is that I am connecting using the same settings as before, using the same internet connection as before (ie, no new/different hardware). I've even tried turning Windows Firewall off altogether on my client computer, but to no avail. Any help would be much appreciated. Thanks

Edit: One difference in the setup of my laptop: it is now on a domain where before it was on a workgroup. That being said, I am a domain admin, and the connection fails with the same error whether I am logged in as a local user or domain user.

Further edit: I tried connecting from another Vista client NOT on the domain. Also without success (same 809 error)

Edit: I tried the same connection from the LAN and got the following error: "Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." I did get an error log, but it's positively huge. If anyone can tell me what to pull from it, I would gladly post it up.

I will also post screenshots of my router setup.
general-vpn.jpg
tunnel.jpg
0
Comment
Question by:johnp338
  • 4
4 Comments
 

Author Comment

by:johnp338
ID: 23673862
A copy of the log from my router:

2009.02.18 13:19:50 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:50 [IKE]     PAYLOAD_DELETE
2009.02.18 13:19:50 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:50 [IKE]   + Payloads in XCHG_TYPE_INFO:
2009.02.18 13:19:50 [IKE]   - exchange type: Informational(main mode)
2009.02.18 13:19:50 [IKE] - Received 84 bytes from 32.165.2.90:500.
2009.02.18 13:19:50 [IKE] Send delete payload, delete PROTO_IPSEC_ESP SA
2009.02.18 13:19:50 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:50 [IKE]     PAYLOAD_DELETE
2009.02.18 13:19:50 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:50 [IKE]   + Payloads in XCHG_TYPE_INFO:
2009.02.18 13:19:50 [IKE]   - exchange type: Informational(main mode)
2009.02.18 13:19:50 [IKE] - Received 76 bytes from 32.165.2.90:500.
2009.02.18 13:19:15 [IKE QM] IPSec SA established.
2009.02.18 13:19:15 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:15 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:15 [IKE]   + Payloads in XCHG_TYPE_QUICK:
2009.02.18 13:19:15 [IKE]   - exchange type: IPsec(Quick mode)
2009.02.18 13:19:15 [IKE] - Received 60 bytes from 32.165.2.90:500.
2009.02.18 13:19:15 [IKE]   ***Send packet!
2009.02.18 13:19:15 [IKE]     PAYLOAD_ID
2009.02.18 13:19:15 [IKE]     PAYLOAD_ID
2009.02.18 13:19:15 [IKE]     PAYLOAD_NONCE
2009.02.18 13:19:15 [IKE]         ---> Transform #1 accepted
2009.02.18 13:19:15 [IKE]                 : 250000
2009.02.18 13:19:15 [IKE]             SA_LIFE_TYPE_KBYTES
2009.02.18 13:19:15 [IKE]                 : 3600
2009.02.18 13:19:15 [IKE]             SA_LIFE_TYPE_SECONDS
2009.02.18 13:19:15 [IKE]             AUTH_ALGORITHM_HMAC_SHA1
2009.02.18 13:19:15 [IKE]             ENCAPSULATION_MODE_TRANSPORT
2009.02.18 13:19:15 [IKE]         ->ESP_3DES(trans #1)
2009.02.18 13:19:15 [IKE]       => parse PROTO_IPSEC_ESP(proposal #2) payload
2009.02.18 13:19:15 [IKE]                 : 250000
2009.02.18 13:19:15 [IKE]             SA_LIFE_TYPE_KBYTES
2009.02.18 13:19:15 [IKE]                 : 3600
2009.02.18 13:19:15 [IKE]             SA_LIFE_TYPE_SECONDS
2009.02.18 13:19:15 [IKE]             AUTH_ALGORITHM_HMAC_SHA1
2009.02.18 13:19:15 [IKE]                 : 128
2009.02.18 13:19:15 [IKE]             ENCAPSULATION_MODE_TRANSPORT
2009.02.18 13:19:15 [IKE]         ->ESP_AES(trans #1)
2009.02.18 13:19:15 [IKE]       => parse PROTO_IPSEC_ESP(proposal #1) payload
2009.02.18 13:19:15 [IKE]     PAYLOAD_SA
2009.02.18 13:19:15 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:15 [IKE]   Construct payload:
2009.02.18 13:19:15 [IKE]     local client -> 97.91.170.62/32
2009.02.18 13:19:15 [IKE]   received ID type ID_IPV4_ADDR
2009.02.18 13:19:15 [IKE]     remote client -> 192.168.0.103/32
2009.02.18 13:19:15 [IKE]   received ID type ID_IPV4_ADDR
2009.02.18 13:19:15 [IKE QM] Quick mode, we are responder.
2009.02.18 13:19:15 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:15 [IKE]     PAYLOAD_ID
2009.02.18 13:19:15 [IKE]     PAYLOAD_ID
2009.02.18 13:19:15 [IKE]     PAYLOAD_NONCE
2009.02.18 13:19:15 [IKE]     PAYLOAD_SA
2009.02.18 13:19:15 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:15 [IKE]   + Payloads in XCHG_TYPE_QUICK:
2009.02.18 13:19:15 [IKE]   - exchange type: IPsec(Quick mode)
2009.02.18 13:19:15 [IKE] - Received 564 bytes from 32.165.2.90:500.
2009.02.18 13:19:15 [IKE]   ***Send packet!
2009.02.18 13:19:15 [IKE MM] ISAKMP SA established.
2009.02.18 13:19:15 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:15 [IKE]       Local ID : '97.91.170.62' Type ID_IPV4_ADDR
2009.02.18 13:19:15 [IKE]     PAYLOAD_ID
2009.02.18 13:19:15 [IKE]   Construct payload:
2009.02.18 13:19:15 [IKE]       Peer's ID is ID_IPV4_ADDR: '192.168.0.103'
2009.02.18 13:19:15 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:15 [IKE]     PAYLOAD_HASH
2009.02.18 13:19:15 [IKE]     PAYLOAD_ID
2009.02.18 13:19:15 [IKE]   + Payloads in XCHG_TYPE_ID_PROTECT:
2009.02.18 13:19:15 [IKE]   - exchange type: ID Protection(main mode)
2009.02.18 13:19:15 [IKE] - Received 68 bytes from 32.165.2.90:500.
2009.02.18 13:19:14 [IKE]   ***Send packet!
2009.02.18 13:19:14 [IKE]     PAYLOAD_NONCE
2009.02.18 13:19:14 [IKE]     PAYLOAD_KE
2009.02.18 13:19:14 [IKE]   Construct payload:
2009.02.18 13:19:14 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:14 [IKE]     PAYLOAD_NONCE
2009.02.18 13:19:14 [IKE]     PAYLOAD_KE
2009.02.18 13:19:14 [IKE]   + Payloads in XCHG_TYPE_ID_PROTECT:
2009.02.18 13:19:14 [IKE]   - exchange type: ID Protection(main mode)
2009.02.18 13:19:14 [IKE] - Received 212 bytes from 32.165.2.90:500.
2009.02.18 13:19:14 [IKE]   ***Send packet!
2009.02.18 13:19:14 [IKE]     PAYLOAD_SA
2009.02.18 13:19:14 [IKE]   Construct payload:
2009.02.18 13:19:14 [IKE]         ---> Transform #4 accepted
2009.02.18 13:19:14 [IKE]                 : 28800
2009.02.18 13:19:14 [IKE]             OAKLEY_LIFE_SECONDS
2009.02.18 13:19:14 [IKE]             OAKLEY_PRESHARED_KEY
2009.02.18 13:19:14 [IKE]             OAKLEY_GROUP_MODP1024
2009.02.18 13:19:14 [IKE]             OAKLEY_SHA
2009.02.18 13:19:14 [IKE]             OAKLEY_3DES_CBC
2009.02.18 13:19:14 [IKE]         ->KEY_IKE(trans #4)
2009.02.18 13:19:14 [IKE]             OAKLEY_GROUP_MODP2048
2009.02.18 13:19:14 [IKE]             OAKLEY_SHA
2009.02.18 13:19:14 [IKE]             OAKLEY_3DES_CBC
2009.02.18 13:19:14 [IKE]         ->KEY_IKE(trans #3)
2009.02.18 13:19:14 [IKE]             OAKLEY_AES_CBC
2009.02.18 13:19:14 [IKE]         ->KEY_IKE(trans #2)
2009.02.18 13:19:14 [IKE]             OAKLEY_AES_CBC
2009.02.18 13:19:14 [IKE]         ->KEY_IKE(trans #1)
2009.02.18 13:19:14 [IKE]       => parse PROTO_ISAKMP(proposal #1) payload
2009.02.18 13:19:14 [IKE MM] Main mode, we are responder.
2009.02.18 13:19:14 [IKE]   + Check in packet and/or construct out packet!
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_VID
2009.02.18 13:19:14 [IKE]     PAYLOAD_SA
2009.02.18 13:19:14 [IKE]   + Payloads in XCHG_TYPE_ID_PROTECT:
2009.02.18 13:19:14 [IKE]   - exchange type: ID Protection(main mode)
2009.02.18 13:19:14 [IKE] - Received 344 bytes from 32.165.2.90:500.
0
 

Author Comment

by:johnp338
ID: 23674956
Wow, I even tried restoring the router to its defaults and setting it up again: same result. I'm really at a loss here, please help me out. Thanks
0
 

Author Comment

by:johnp338
ID: 23674996
Also, when the connection fails, I get a dialog to enable logging, redial, close, etc. I also have a Diagnose button. When I click this, it says "Network diagnostics pinged the remote host but did not receive a response." So I ping my FQDN, no problem. I honestly have no idea what's going on.
0
 

Accepted Solution

by:
johnp338 earned 0 total points
ID: 23678557
After further diagnostics, I was able to determine that there is an actual hardware problem with the device, so I'll simply be replacing it. Hopefully the installation of the replacement goes more smoothly.

Hey mods, please close.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month19 days, 3 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question