AJromito

asked on

RRAS 08 R2 IPSec L2TP Behind Sonicwall

Hey Team,
I'm looking for a boost in terms of troubleshooting a VPN connectivity issue.  Due to recent vulnerability exposure, I'm trying to move my organization away from PPTP.

Currently, the box (an 08 R2 DC) runs RRAS and PPTP functions normally.

I set up IPsec with PSK via its own NPS Policy and here's what I'm seeing:

From LAN, I can connect without issue.
From WAN, I cannot connect.  Packet capture shows IKE traffic back and forth, Sonicwall confirms that no packets are dropped, all are forwarded.  At this point, the client connection fails with error 809.

Ports opened (and natted) to the server on the SW:
UDP 500
UDP 4500
Protocol 50 ESP
UDP 1721

Side note: The Sonicwall runs a site-to-site VPN tunnel and also serves VPN (WAN group VPN). The DC has a dedicated public IP.
AJromito

ASKER

Update:  The issue now magically seems to have resolved itself.  The only change is that there are no PPTP clients connected.  
Does RRAS allow VPN connections of different types at the same time?
Latest update: This is annoying.

IPSec connection works perfectly from Mac OSX, iOS, and Android, from public.

I cannot get a Windows 7 client connected.  Any suggestions?   ...I would've expected this client to be the easiest to configure..
AssumeUDPEncapsulationContextOnSendRule  <--tried adding registry key on win7 client, still no success.
ASKER CERTIFIED SOLUTION
Rob Williams
A hardware solution is something we've been contemplating for some time now...it seems this is our best bet.
Thanks Rob.
Just to confirm though, NAT-T is not supported; the link shows how you should be able to modify the registry so it will work.  Keep in mind this was removed to increase security, so the modification reduces security a little.