[isalist] Re: Configuring L2TP VPN
- From: "Rob Moore" <RMoore@xxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 14 Feb 2008 12:30:24 -0500
I'll give it a shot. Thanks. I did just successfully connect from a Mac,
so maybe that's it.
Thanks,
Rob
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Thursday, February 14, 2008 12:17 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Configuring L2TP VPN
It could be the NAT-T bug introduced with WinXP SP2. You'll need to
configure the Registry on the client to fix that.
Search for NAT-T bug and you should find the fix.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
Sent: Thursday, February 14, 2008 10:59 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Configuring L2TP VPN
Done did that. I did the "Publish Non-Web Server Protocols"
wizard. Is there something obvious I missed? I've got lots of other
servers that I've published, both web and non-web, including a PPTP VPN
server. They're all working. I'm not sure why this one isn't working.
Rob
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Thursday, February 14, 2008 10:38 AM
To: ISA Mailing List
Subject: [isalist] Re: Configuring L2TP VPN
Server publishing.....
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore
Sent: Thursday, February 14, 2008 11:28 AM
To: ISA Mailing List
Subject: [isalist] Configuring L2TP VPN
Hello all-
I'm trying to configure an L2TP VPN server. I want the traffic
to pass through my ISA 2006 Standard server, to a Windows 2003 server
that's configured with RRAS. I can connect just fine to the RRAS server
if I'm on the same network (i.e., not passing through my ISA server), so
I think the RRAS server is configured correctly. When I try to go
through the ISA server, though, the connection attempt times out.
When I first tried to set it up, I thought all I would need was
a rule directing L2TP traffic to the RRAS server address. I found,
though, through monitoring the traffic, that it also needs IPSec NAT-T
Server (port 4500) and IKE Server (port 500). In fact, when I monitor
connection attempts now, the only traffic that seems to be generated is
the NAT-T and IKE traffic. The ISA server never shows me that any L2TP
traffic is trying to get through.
In any case, the connection never completes. Based on logs on
the RRAS server, the connection attempt never gets to the RRAS server.
Logging on the ISA server shows no errors or closed connections (I've
tried filtering the log based on both the client IP and the destination
IP). Event logs don't show anything either.
Any suggestions as to what I've done wrong, what might be
happening, or how to approach it?
Thanks,
Rob
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Help Desk: 800-500-AFSC
Other related posts:
