L2TP/IPSec VPN tunnel Client -> Server

[Dennis van Vroonhoven]

Hi,

What are the limitations for L2TP/IPSec?
I have a Firewall (which does no NAT), behind that Firewall I have a Windows
2000 Server SP4 configured for NAT and Routing & Remote Access. I have
configured Routing & Remote Access to accept L2TP and PPTP connections. Both
work when connecting from the inside network to the inside ipadress of the
server, but when connecting to the external ipadress the PPTP works fine but
the L2TP fails. Furthermore I will have to get my managed firewall
configured to pass L2TP/IPSec, the only ports needed are L2TP (UDP 1701) and
IPSec (TCP 500)??

Thanks,
Dennis

 

[Sharoon Shetty K [MSFT]]

What is the error you get while establishing the L2TP connection? Do you
proper certificates installed at the client machine?

VPN ports required:
PPTP - 1723, GRE Protocol [47]
L2TP - 1701, 500 [IKE] and 4500 [NAT-T]
--

Thanks
Sharoon
(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Dennis van Vroonhoven]

The certificate is properly installed, it's the same computer which I
connect to the internal network or I dial into an ISP.
The error message I get is "error 792: The L2TP connection attempt failed
because security negotiation timed out.".

What is the error you get while establishing the L2TP connection? Do you
proper certificates installed at the client machine?

VPN ports required:
PPTP - 1723, GRE Protocol [47]
L2TP - 1701, 500 [IKE] and 4500 [NAT-T]
--

Thanks
Sharoon
(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi,

What are the limitations for L2TP/IPSec?
I have a Firewall (which does no NAT), behind that Firewall I have a Windows
2000 Server SP4 configured for NAT and Routing & Remote Access. I have
configured Routing & Remote Access to accept L2TP and PPTP connections. Both
work when connecting from the inside network to the inside ipadress of the
server, but when connecting to the external ipadress the PPTP works fine but
the L2TP fails. Furthermore I will have to get my managed firewall
configured to pass L2TP/IPSec, the only ports needed are L2TP (UDP 1701) and
IPSec (TCP 500)??

Thanks,
Dennis

 

[Stephen Cartwright [MSFT]]

Just to clarify, you need UDP ports 4500 and 500 for IPSec IKE to function,
[4500 if there is a NAT-T box involved]

--
Stephen Cartwright [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."

The certificate is properly installed, it's the same computer which I
connect to the internal network or I dial into an ISP.
The error message I get is "error 792: The L2TP connection attempt failed
because security negotiation timed out.".

What is the error you get while establishing the L2TP connection? Do you
proper certificates installed at the client machine?

VPN ports required:
PPTP - 1723, GRE Protocol [47]
L2TP - 1701, 500 [IKE] and 4500 [NAT-T]
--

Thanks
Sharoon
(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi,

What are the limitations for L2TP/IPSec?
I have a Firewall (which does no NAT), behind that Firewall I have a Windows
2000 Server SP4 configured for NAT and Routing & Remote Access. I have
configured Routing & Remote Access to accept L2TP and PPTP

connections.
Both

work when connecting from the inside network to the inside ipadress of the
server, but when connecting to the external ipadress the PPTP works

fine
but

the L2TP fails. Furthermore I will have to get my managed firewall
configured to pass L2TP/IPSec, the only ports needed are L2TP (UDP

1701)
and

IPSec (TCP 500)??

Thanks,
Dennis