 BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6
 ·Bell Fibe
1 edit | L2TP VPN on USG - quick how-to (Win7 updated) Since I can't edit the original thread anymore, here's little update to the how-to fixing Win7 client connectivity
1) Follow the complete instructions here »L2TP VPN on USG - quick how-to
2) Update the IPsec Phase 1 and Phase 2 settings:
Phase 1 settings:
SA Life Time: 180 or higher
Mode: Main
Proposal: 3DES-SHA1 (this should to be the only proposal, if you put any additional Win7 won't connect. Actually, it seems you can add weaker proposal i.e. 3DES-MD5 but not any AES proposals)
Key Group: DH2
NATT: Yes
DPD: Yes (optional)
Phase 2 settings:
SA Life Time: 3600 or higher
Protocol: ESP
Encapsulation: Transport
Proposal: AES256-SHA1, AES128-SHA1, 3DES-SHA1 (Win7 seems to support AES128 and 3DES only. AES256 will be used by Android and other capable clients only)
PFS: none
Replay Detection: Yes (optional)
NetBIOS broadcast over IPSec: Yes (optional)
I've tested these settings with Win7 Pro 64bit and Andorid 4.0.4. |
|
| Hello, Thanks Brano for this eXcellent how to...
I have a problem with my l2tp connection when i have other VPn in te same interface. when i try to connect with my Win 7 with l2tp in the firewall log always try connect for other vpn and always have the same error :
[SA] : Tunnel [VPN-XXX] Phase 1 encryption algorithm mismatch --> this is the other VPN not L2tp
Any Ideas????
Thanks. |
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6 | What USG model do you have? |
|
| USG 300 |
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:6 | Sent you a PM. |
|
| Thanks |
|
