Getting VPN working using L2TP with IPSEC with Forefront TMG Standard Edition

Posted on 2011-10-24
Last Modified: 2012-05-26

I'm working with one of my clients at the moment trying to get this working. On a Windows XP PC, PPTP connections work fine, but when we try to configure the VPN to use L2TP with IPSEC, the client returns error 678 “The remote computer did not respond” after a couple of minutes. The Forefront log just shows the L2TP connection being initiated and then being gracefully closed. There are some forums mentioning IP fragmentation, but in the standard version of TMG there are no options to configure this. We have also tried this from a Windows 7 client, and that displays a 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer" error.

I have tried dispensing with IPSEC PSK and using a certificate instead but I get the same error.  I'm running out of ideas and any pointers would be appreciated.


Glen Mansbridge
Question by:Glen_TTL

    Expert Comment

    by: Keith Alabaster
    The option for fragmentation is in all versions of TMG and was in all ISA versions from 2004 onwards - you'll find it in the Intrusion protection section in the GUI - behavioural section. Be aware that TMG SP2 is now available - worth deploying, but READ the guidance and deployment notes first.

    Expert Comment

    Can you please verify your configuration with this config

    I reckon something is missing in your config.

    Accepted Solution

    My client decided to implement a different solution. Thank you for your assistance.

    Author Closing Comment

    My client has decided on a different solution so no longer needs this pursued.  Thanks to everyone who responded.
