 | VPN Server 2003 Setup for L2TP/IPSEC
This is a long question. I basically need help setting up an L2TP/IPsec VPN under Windows 2003 Server. Here are my configs. All servers have internal IPs with port forwarding:
1 DC/CA Server
1 Virtual Machine 2003 Server with 1 static IP and NIC assigned
1 Exchange/File Server
VPN Server Settings: The proper ports for the VPN server are opened and forwarded to the internal IP address of the server (UDP ports 500, 1701, 4500). The VPN server has the proper computer certificate installed due to computer autoenrollment in Active Directory. The proper external DNS record is created that points to my external IP address: vpn.xxxx.xxx
User Settings: The remote laptop is behind a NAT device. Windows XP SP2 with a VPN connection. When set to PPTP the network connection works perfectly, but PPTP is not recommended due to security issues, so I decided to implement L2TP/IPsec. The proper computer cert and trusted CA root certificate are installed on this machine.
Issue: When I change the networking setting to L2TP/IPsec in the VPN connection properties, the connection gets stuck in "verifying username and password" and then it tries to redial. Question: can I properly run L2TP with one NIC on the virtual machine VPN? Am I missing something in the server or client config? |
|
 | I haven't messed around with a config like that in "ages" because of the hassle and, quite actually, I started relying on a hardware router to do that. I'll PM you with something shortly...
Jay
P.S.,
Yes, you can run it with one NIC. Most likely, the settings for L2TP/certificates may be misconfigured. |
|
 | reply to joeyg2391 Thanks a lot for the help. I also suspect it's the certificate portion. Also, am I missing some ports to open up on my firewall?
Thanks |
|
 | reply to joeyg2391 For L2TP VPN, UDP 1701 and 4500 should be all that's needed. Again, I'd have to check on that due to me not really using that particular vpn protocol too much...
Jay |
|
 | reply to joeyg2391 Joey,
there's a Pm for you with some details.
Jay |
|
 | reply to joeyg2391 Sorry, I don't understand. |
|
 SoonerAl (Old enough to know better; Premium, MVM; joined 2002-07-23; Norman, OK; kudos: 5) | PM => Private Message...
Look up at the top left of the screen for a flashing icon or click the little PM icon... -- "When all else fails, read the instructions..." MS-MVP Windows Networking 2003-2007 |
|
 | OK, I tried L2TP/IPsec from within my network and was able to connect, which was something I was unable to do before. But when I try to connect externally it still fails. I ran Ethereal and the error received was "destination port unavailable (UDP 500)", which I did open on my firewall. It says it might be caused by a UDP checksum offload. Could it be because I'm running it through the virtual machine? I can't think of anything else. But like I said, I was able to connect internally using the L2TP/IPsec setting. I'm running Windows XP SP2 on my client machine, which was used to test both the internal and external connection. |
|
 | reply to joeyg2391 Just in case it hasn't been mentioned to you, connecting "from inside" of your network is a "false positive" (doesn't matter). If you can't connect from outside of your network, it still doesn't work.
What type of router are you using? I neglected to ask that. If you're using "any" version of Linksys WRT54G, that's your problem. It doesn't pass GRE. However, if you have a version 1-4, that can be flashed with third-party firmware (due to having a larger memory) that does support GRE, which will then most likely make your VPN function. "But..." that's a big guess on my part...
Jay |
|
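The two posts above make two separate points: the Ethereal capture showing "destination port unreachable" for UDP 500, and the reminder that a connection that works from inside the LAN proves nothing about connecting from outside. The script below is an added example and not from the thread or from either poster; it turns those points into a triage routine over a packet summary. The capture format ("src -> dst PROTO sport > dport info"), the addresses and the sample packets are all constructed here to imitate an Ethereal summary column; a real capture would need its own parser.

```python
"""Triage a failing L2TP/IPsec dial-up from a packet-summary text.

Added example (not from the forum thread). The summary format, the
addresses and the sample captures are constructed, not real data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

IKE_PORT = 500      # ISAKMP/IKE: phase 1 starts here
NAT_T_PORT = 4500   # IKE + UDP-encapsulated ESP once NAT is detected
L2TP_PORT = 1701    # L2TP itself; carried INSIDE the IPsec SA, never seen bare on the wire

# "Inside the LAN" in the sense of the thread: RFC 1918 space only.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<proto>UDP|ESP|ICMP)"
    r"(?:\s+(?P<sport>\d+)\s*>\s*(?P<dport>\d+))?\s*(?P<info>.*)$"
)
UNREACH_RE = re.compile(r"Port unreachable.*?udp\s+(\d+)", re.IGNORECASE)


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str
    sport: Optional[int]
    dport: Optional[int]
    info: str
    unreachable_port: Optional[int]  # only set for ICMP port-unreachable lines


def parse(summary: str) -> List[Pkt]:
    """Parse constructed 'src -> dst PROTO [sport > dport] info' lines."""
    pkts = []
    for line in summary.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        u = UNREACH_RE.search(m["info"]) if m["proto"] == "ICMP" else None
        pkts.append(Pkt(m["src"], m["dst"], m["proto"],
                        int(m["sport"]) if m["sport"] else None,
                        int(m["dport"]) if m["dport"] else None,
                        m["info"], int(u.group(1)) if u else None))
    return pkts


def is_lan(addr: str) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in n for n in RFC1918)


def triage(pkts: List[Pkt], client: str, server: str) -> Tuple[str, str, List[str]]:
    """Return (stage, advice, notes) for a client -> server L2TP/IPsec attempt."""
    def seen(src, dst, proto, dport=None):
        return any(p.src == src and p.dst == dst and p.proto == proto
                   and (dport is None or p.dport == dport) for p in pkts)

    notes = []
    if is_lan(server):
        notes.append("server address is RFC 1918: a test from inside the LAN "
                     "says nothing about reachability from the Internet")

    unreachable = {p.unreachable_port for p in pkts if p.unreachable_port is not None}
    ike_out, ike_in = seen(client, server, "UDP", IKE_PORT), seen(server, client, "UDP", IKE_PORT)
    natt_out, natt_in = seen(client, server, "UDP", NAT_T_PORT), seen(server, client, "UDP", NAT_T_PORT)
    esp_out, esp_in = seen(client, server, "ESP"), seen(server, client, "ESP")

    if not ike_out:
        return "no_ike", "client never sent IKE to UDP 500; this is not an L2TP/IPsec attempt", notes
    if IKE_PORT in unreachable:
        return ("ike_unreachable", "UDP 500 reached a host with nothing listening (ICMP port "
                "unreachable); check the UDP 500 forward points at the VPN server and IPsec/RRAS is up", notes)
    if not ike_in:
        return "ike_dropped", "UDP 500 sent but never answered; open/forward UDP 500 to the VPN server", notes
    if natt_out and not natt_in:
        return "natt_dropped", "NAT detected, UDP 4500 sent but never answered; open/forward UDP 4500", notes
    if natt_out and natt_in:
        return ("ipsec_up_natt", "IPsec is up over NAT-T; ESP and L2TP (UDP 1701) ride inside UDP 4500, "
                "so a later failure is L2TP/PPP authentication, not a port", notes)
    if esp_out and not esp_in:
        return "esp_dropped", "no NAT detected; native ESP (IP protocol 50) sent but never returned; the router must pass protocol 50", notes
    if esp_out and esp_in:
        return "ipsec_up_esp", "IPsec is up with native ESP; a later failure is L2TP/PPP authentication, not a port", notes
    return "ike_failed", "IKE answered but no IPsec traffic followed; check the machine certificates on both ends", notes


# Constructed sample captures (not real traffic).
CAPTURE_UNREACHABLE = """\
192.168.1.20 -> 203.0.113.10 UDP 500 > 500 ISAKMP Identity Protection (Main Mode)
203.0.113.10 -> 192.168.1.20 ICMP Destination unreachable (Port unreachable) udp 500
"""
CAPTURE_NATT_OK = """\
192.168.1.20 -> 203.0.113.10 UDP 500 > 500 ISAKMP Identity Protection (Main Mode)
203.0.113.10 -> 192.168.1.20 UDP 500 > 500 ISAKMP Identity Protection (Main Mode)
192.168.1.20 -> 203.0.113.10 UDP 4500 > 4500 ISAKMP Quick Mode
203.0.113.10 -> 192.168.1.20 UDP 4500 > 4500 ISAKMP Quick Mode
"""
CAPTURE_LAN_ESP = """\
192.168.1.20 -> 192.168.1.5 UDP 500 > 500 ISAKMP Identity Protection (Main Mode)
192.168.1.5 -> 192.168.1.20 UDP 500 > 500 ISAKMP Identity Protection (Main Mode)
192.168.1.20 -> 192.168.1.5 ESP SPI=0x0a1b2c3d
192.168.1.5 -> 192.168.1.20 ESP SPI=0x5e6f7a8b
"""

if __name__ == "__main__":
    for name, cap, srv in (("external, port unreachable", CAPTURE_UNREACHABLE, "203.0.113.10"),
                           ("external, NAT-T ok", CAPTURE_NATT_OK, "203.0.113.10"),
                           ("inside the LAN", CAPTURE_LAN_ESP, "192.168.1.5")):
        stage, advice, notes = triage(parse(cap), "192.168.1.20", srv)
        print(f"{name}: {stage}: {advice}", *notes, sep="\n  ")
```

Run it as-is to see the three verdicts; to use it on your own trace, export the summary column from Ethereal and adapt `LINE_RE` to that layout. The "inside the LAN" case deliberately comes back as IPsec-up with a warning attached, which is exactly the false positive the post above describes.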
 | Linksys RVS4000. with latest firmware |
|
 SoonerAl (Old enough to know better; Premium, MVM; joined 2002-07-23; Norman, OK; kudos: 5) | reply to DocLarge
said by DocLarge:
    Just in case it hasn't been mentioned to you, connecting "from inside" of your network is a "false positive" (doesn't matter). If you can't connect from outside of your network, it still doesn't work. What type of router are you using? I neglected to ask that. If you're using "any" version of Linksys WRT54G, that's your problem. It doesn't pass GRE. However, if you have a version 1-4, that can be flashed with third-party firmware (due to having a larger memory) that does support GRE, which will then most likely make your VPN function. "But..." that's a big guess on my part... Jay
Jay,
Question? Why do you say GRE protocol when the OP is trying to use L2TP/IPsec? According to this, GRE does not come into play...
»blogs.technet.com/rrasblog/archi···826.aspx -- "When all else fails, read the instructions..." MS-MVP Windows Networking 2003-2007 |
|
 | *Heh* Ooops
PPTP/GRE on the brain 
What I was intending to say is that the WRT54G may not allow the authentication protocols ESP and AH through either due to code restrictions that also prohibited GRE...
My bad if that came out confusing...
Jay |
|
 SoonerAl (Old enough to know better; Premium, MVM; joined 2002-07-23; Norman, OK; kudos: 5) | Okey doakey...
Thanks for clearing that up for this ol' guy...  |
|