Windows XP VPN client to L2TP Server (RV082) Problem

I have a Linksys RV082 VPN server sat behind a router.  The server works for PPTP VPN connections, with UDP port 1723 forwarded, and GRE forwarded.  For L2TP VPN connections, I have UDP ports 500 and 4500 forwarded to the VPN server, and NAT-T enabled.

When using the Windows XP VPN client, the client begins the connection, then errors with error 792.  On the VPN server, I receive the following information in the event log:

Jun 29 10:32:33 2009           VPN Log          Received Vendor ID payload Type = [MS NT5 ISAKMPOAKLEY 00000004]
Jun 29 10:32:33 2009          VPN Log         Ignoring Vendor ID payload Type = [FRAGMENTATION]
Jun 29 10:32:33 2009          VPN Log         Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02_n]
Jun 29 10:32:33 2009          VPN Log         Ignoring Vendor ID payload [26244d38eddb61b3...]
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Jun 29 10:32:33 2009          VPN Log         Create a temporary connection for incoming Microsoft VPN Client negotiation packet.
Jun 29 10:32:33 2009          VPN Log         (NATT)responding to Main Mode from unknown peer 149.254.216.1:15698
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Jun 29 10:32:33 2009          VPN Log         [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Jun 29 10:32:34 2009          VPN Log         Main mode peer ID is ID_IPV4_ADDR: '192.168.100.103'
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] Initiator Cookies = 53fb 323a 6864 4259
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] Responder Cookies = bb7f 0b3 7b3 ca48
Jun 29 10:32:34 2009          VPN Log         [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Jun 29 10:32:35 2009          VPN Log         Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:35 2009          VPN Log         Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:41 2009          VPN Log         Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)

Can anyone help get this sorted?
Eboracum Asked:

Eboracum (Author) Commented:
I've tested the connection using "TheGreenBow"'s VPN client, and after switching both the VPN server and client to Aggressive mode, I can connect successfully, so I'm reasonably sure the VPN server is working, and clients can connect to it, it's just the Microsoft VPN client that I'm having problems getting it to work with.
arnold Commented:
L2TP uses UDP/TCP 1701.
Are you using L2TP over IPSEC? Did you configure the IPSEC policy on the Windows system?

The duplicate message is unclear whether the router in front of the Windows system is retransmitting the same packet.

It might not be enough information to determine what is going on.
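An added example, not part of the original thread or of any Linksys tooling: a short Python script that reads the RV082 log lines quoted in the question and counts how often each Quick Mode Message ID was rejected as a duplicate, which is the pattern the reply above asks about. The function name `summarize` and the sample text (copied from the question's log with whitespace normalised) are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log in the question (whitespace normalised).
SAMPLE_LOG = """\
Jun 29 10:32:34 2009 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 29 10:32:34 2009 VPN Log [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Jun 29 10:32:35 2009 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:35 2009 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
Jun 29 10:32:41 2009 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb1b322df (perhaps this is a duplicated packet)
"""

# "<Mon DD HH:MM:SS YYYY>  VPN Log  <message>" as shown in the question.
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4})\s+VPN Log\s+(.*)$")
DUP_RE = re.compile(r"previously used Message ID (0x[0-9a-fA-F]+)")

def summarize(log_text):
    """Return Phase 1 status and, per Message ID, the rejected Quick Mode retries."""
    phase1 = False
    quick_mode_started = False
    dups = defaultdict(list)  # Message ID -> timestamps of rejected packets
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a VPN Log line
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "Main Mode Phase 1 SA Established" in msg:
            phase1 = True
        elif "Received Quick Mode 1st packet" in msg:
            quick_mode_started = True
        else:
            d = DUP_RE.search(msg)
            if d:
                dups[d.group(1)].append(ts)
    retries = {
        mid: {"count": len(t), "span_seconds": int((max(t) - min(t)).total_seconds())}
        for mid, t in dups.items()
    }
    return {"phase1_established": phase1, "quick_mode_started": quick_mode_started,
            "rejected_retries": retries}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the question's log this reports Phase 1 established and three rejected retransmissions of one Message ID over six seconds, so the exchange stalls in Quick Mode (Phase 2), not Main Mode.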
Eboracum (Author) Commented:
The main problem has been a misunderstanding of terms.  The RV082 supports IPSEC tunnels, it's not an L2TP/IPsec VPN server.  So I could get the GreenBow client to connect and work, as it creates an IPSec tunnel, but the Windows XP one wants to connect to an L2TP server, so it won't work.

The GreenBow client is a bit too expensive at the moment though, so I'm currently testing setting up the IPSEC policy on the Windows system, which I can get to connect, and the RV082 shows a successful tunnel created, but I cannot access any resources through the IPSEC tunnel, everything times out.
arnold Commented:
You can configure an IPsec-only tunnel in Windows.

You have to use the MMC Snap-in for IP security Policy.

Create a new policy and define all the parameters.

The below is for a win2k3 server, but the steps are similar to what you have to go through with Windows XP.
http://www.tomshardware.com/forum/17582-42-rv082-setting-webserver

Make sure you set up both policies.  One deals with defining the traffic from your computer to the RV082 and the other deals with the return.

http://technet.microsoft.com/en-us/library/cc738298(WS.10).aspx
http://www.windowsecurity.com/articles/Configure-VPN-Connection-Windows-XP.html

See whether you can get the Linksys QuickVPN client.

Eboracum (Author) Commented:
Pointed me in the right directory, and made me realise that I'd been trying to set up the wrong thing.  I ended up using the ShrewSoft VPN client.