Christian Krackowizer
Hi,
To document all the necessary settings for a VPN connection using different
clients to different servers, we've set up 2 servers with RRAS as
VPN-Servers. One has W2000 SP4, the other W2003 installed. Both are members of
a W2000 AD. Both have 2 NICs, one for intranet LAN with private IP, one for
internet access with official IP.
The DC is a certificate server, both VPN-Servers got their certificates
through policy. An IPSec policy is created locally for UDP/2701.
The client test machine is multibooting Windows XP, 2000 and NT 4.0. For
access with Windows NT 4.0, the MSLT2P client is installed. The settings for the
VPN-Connections are defaults. As user authorisation a valid AD user is used
(with dialup rights). There's an ISDN modem on the machine to dial up
internet. The certificates were installed from floppy. An IPSec policy is
also created locally for UDP/2701.
There's no NAT involved.
Well, the client test machine can establish the tunnel when connecting to
the W2000 VPN-Server, using either PPTP or L2TP. Everything's fine. Access
works.
When connecting to W2003 VPN-Server, only PPTP works (with identical
settings on the client machine). L2TP fails with 'error 676 line is busy'.
With a network monitor, I can see the tunnel is already up, as only
protocol 50 is active. But after a few packages the communication stops and
the error is displayed. Looks like the PPP communication failed, but the
settings are the same as with PPTP used ...
The security event log on the W2003 VPN-Servers says IKE authorisation is
established.
Changed from certificates to pre-defined keys, still the same. W2000 works,
W2003 not. Installed the W2003 fresh from CD, same error.
Any ideas what's different?