l2tp/ipsec

Aman

Distinguished
May 3, 2004
8
0
18,510
Archived from groups: microsoft.public.win2000.security (More info?)

I have configured a windows 2003 server for vpn i want to
use the L2TP/ipsec shared key for Authentications. when
ever
i try to connect my server from client it gives me a error
789.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

L2tp will not work over NAT devices if you are using such. If that is the case
you could try to install the NAT-T upgrade on the client computer and open the
appropriate ports and protocols on any firewall. L2tp uses 1701/udp, 500/udp,
and protocol 50. NAT-T also uses 4500/udp. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

"aman" <amanwaliaus@hotmail.com> wrote in message
news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
> I have configured a windows 2003 server for vpn i want to
> use the L2TP/ipsec shared key for Authentications. when
> ever
> i try to connect my server from client it gives me a error
> 789.
 

Aman

Distinguished
May 3, 2004
8
0
18,510
Archived from groups: microsoft.public.win2000.security (More info?)

I am using the windows 2003 as a vpn client and that is
NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
CONFIGUR THE VPN SERVER



- ON THE SERVER PROPERTIES I HAVE SELECTED THE SECURITY
TAB AND THEN

ADDED THE SHARED KEY .

DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.



THANKS

AMAN


>-----Original Message-----
>L2tp will not work over NAT devices if you are using
such. If that is the case
>you could try to install the NAT-T upgrade on the client
computer and open the
>appropriate ports and protocols on any firewall. L2tp
uses 1701/udp, 500/udp,
>and protocol 50. NAT-T also uses 4500/udp. --- Steve
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
us;818043
>
>"aman" <amanwaliaus@hotmail.com> wrote in message
>news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
>> I have configured a windows 2003 server for vpn i want
to
>> use the L2TP/ipsec shared key for Authentications. when
>> ever
>> i try to connect my server from client it gives me a
error
>> 789.
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

No you don't have to configure ipsec policy, it is created automatically for l2tp.
However you have to create the same preshared key on both the client and server
[which you can not do on W2K but can for XP pro]. The server must be W2003 for nat-t
and the client needs to have the nat-t upgrade installed. If the client is a W2003
then I don't think it needs the nat-t upgrade but you should review the KB
documentaion to make sure. --- Steve

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpnexamp.mspx

"AMAN" <AMANWALIAUS@HOTMAIL.COM> wrote in message
news:2514001c46018$e72ca1c0$a401280a@phx.gbl...
> I am using the windows 2003 as a vpn client and that is
> NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
> CONFIGUR THE VPN SERVER
>
>
>
> - ON THE SERVER PROPERTIES I HAVE SELECTED THE SECURITY
> TAB AND THEN
>
> ADDED THE SHARED KEY .
>
> DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.
>
>
>
> THANKS
>
> AMAN
>
>
> >-----Original Message-----
> >L2tp will not work over NAT devices if you are using
> such. If that is the case
> >you could try to install the NAT-T upgrade on the client
> computer and open the
> >appropriate ports and protocols on any firewall. L2tp
> uses 1701/udp, 500/udp,
> >and protocol 50. NAT-T also uses 4500/udp. --- Steve
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-
> us;818043
> >
> >"aman" <amanwaliaus@hotmail.com> wrote in message
> >news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
> >> I have configured a windows 2003 server for vpn i want
> to
> >> use the L2TP/ipsec shared key for Authentications. when
> >> ever
> >> i try to connect my server from client it gives me a
> error
> >> 789.
> >
> >
> >.
> >
 

Aman

Distinguished
May 3, 2004
8
0
18,510
Archived from groups: microsoft.public.win2000.security (More info?)

thanks a lot ..
one of my problem is solve now i can connect with my vpn
server through the vpn client the error was in firewall
settings . but Now when i tried to connect my server from
the xp client it gives me the error 788
i have updated my client with the NAT- T update.

Thanks

Aman
>-----Original Message-----
>No you don't have to configure ipsec policy, it is
created automatically for l2tp.
>However you have to create the same preshared key on both
the client and server
>[which you can not do on W2K but can for XP pro]. The
server must be W2003 for nat-t
>and the client needs to have the nat-t upgrade installed.
If the client is a W2003
>then I don't think it needs the nat-t upgrade but you
should review the KB
>documentaion to make sure. --- Steve
>
>http://www.microsoft.com/technet/prodtechnol/windowsserver
2003/technologies/networking/vpnexamp.mspx
>
>"AMAN" <AMANWALIAUS@HOTMAIL.COM> wrote in message
>news:2514001c46018$e72ca1c0$a401280a@phx.gbl...
>> I am using the windows 2003 as a vpn client and that is
>> NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
>> CONFIGUR THE VPN SERVER
>>
>>
>>
>> - ON THE SERVER PROPERTIES I HAVE SELECTED THE SECURITY
>> TAB AND THEN
>>
>> ADDED THE SHARED KEY .
>>
>> DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.
>>
>>
>>
>> THANKS
>>
>> AMAN
>>
>>
>> >-----Original Message-----
>> >L2tp will not work over NAT devices if you are using
>> such. If that is the case
>> >you could try to install the NAT-T upgrade on the
client
>> computer and open the
>> >appropriate ports and protocols on any firewall. L2tp
>> uses 1701/udp, 500/udp,
>> >and protocol 50. NAT-T also uses 4500/udp. --- Steve
>> >
>> >http://support.microsoft.com/default.aspx?scid=kb;en-
>> us;818043
>> >
>> >"aman" <amanwaliaus@hotmail.com> wrote in message
>> >news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
>> >> I have configured a windows 2003 server for vpn i
want
>> to
>> >> use the L2TP/ipsec shared key for Authentications.
when
>> >> ever
>> >> i try to connect my server from client it gives me a
>> error
>> >> 789.
>> >
>> >
>> >.
>> >
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hmm. The link below gives a description of the errors. I would double check that the
XP client is using the correct preshared key and that the vpn connectoid on it under
properties/networking - type of vpn is configured to use l2tp and not "auto". If the
XP computer is going through a NAT/router try to connect it directly to the internet
for the vpn connection to see if it makes a difference as the firewall on the client
end could be a problem. Be sure to enable the built in ICF firewall on the XP
computer if you try that. --- Steve

http://www.jsiinc.com/SUBO/tip7100/rh7130.htm

"aman" <amanwaliaus@hotmail.com> wrote in message
news:2675001c4628a$01ae1010$a501280a@phx.gbl...
> thanks a lot ..
> one of my problem is solve now i can connect with my vpn
> server through the vpn client the error was in firewall
> settings . but Now when i tried to connect my server from
> the xp client it gives me the error 788
> i have updated my client with the NAT- T update.
>
> Thanks
>
> Aman
> >-----Original Message-----
> >No you don't have to configure ipsec policy, it is
> created automatically for l2tp.
> >However you have to create the same preshared key on both
> the client and server
> >[which you can not do on W2K but can for XP pro]. The
> server must be W2003 for nat-t
> >and the client needs to have the nat-t upgrade installed.
> If the client is a W2003
> >then I don't think it needs the nat-t upgrade but you
> should review the KB
> >documentaion to make sure. --- Steve
> >
> >http://www.microsoft.com/technet/prodtechnol/windowsserver
> 2003/technologies/networking/vpnexamp.mspx
> >
> >"AMAN" <AMANWALIAUS@HOTMAIL.COM> wrote in message
> >news:2514001c46018$e72ca1c0$a401280a@phx.gbl...
> >> I am using the windows 2003 as a vpn client and that is
> >> NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
> >> CONFIGUR THE VPN SERVER
> >>
> >>
> >>
> >> - ON THE SERVER PROPERTIES I HAVE SELECTED THE SECURITY
> >> TAB AND THEN
> >>
> >> ADDED THE SHARED KEY .
> >>
> >> DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.
> >>
> >>
> >>
> >> THANKS
> >>
> >> AMAN
> >>
> >>
> >> >-----Original Message-----
> >> >L2tp will not work over NAT devices if you are using
> >> such. If that is the case
> >> >you could try to install the NAT-T upgrade on the
> client
> >> computer and open the
> >> >appropriate ports and protocols on any firewall. L2tp
> >> uses 1701/udp, 500/udp,
> >> >and protocol 50. NAT-T also uses 4500/udp. --- Steve
> >> >
> >> >http://support.microsoft.com/default.aspx?scid=kb;en-
> >> us;818043
> >> >
> >> >"aman" <amanwaliaus@hotmail.com> wrote in message
> >> >news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
> >> >> I have configured a windows 2003 server for vpn i
> want
> >> to
> >> >> use the L2TP/ipsec shared key for Authentications.
> when
> >> >> ever
> >> >> i try to connect my server from client it gives me a
> >> error
> >> >> 789.
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >
 

Aman

Distinguished
May 3, 2004
8
0
18,510
Archived from groups: microsoft.public.win2000.security (More info?)

Thaks a lot

the problem of xp is also solved . Now the problem is that
i want to configure the windows 2000 client to use
preshared key for ipsec. Do you have any idea regarding
this.

Thanks Thanks Thanks Thanks Thanks Thanks
For helping me.....

Regards
Aman

>-----Original Message-----
>Hmm. The link below gives a description of the errors. I
would double check that the
>XP client is using the correct preshared key and that the
vpn connectoid on it under
>properties/networking - type of vpn is configured to use
l2tp and not "auto". If the
>XP computer is going through a NAT/router try to connect
it directly to the internet
>for the vpn connection to see if it makes a difference as
the firewall on the client
>end could be a problem. Be sure to enable the built in
ICF firewall on the XP
>computer if you try that. --- Steve
>
>http://www.jsiinc.com/SUBO/tip7100/rh7130.htm
>
>"aman" <amanwaliaus@hotmail.com> wrote in message
>news:2675001c4628a$01ae1010$a501280a@phx.gbl...
>> thanks a lot ..
>> one of my problem is solve now i can connect with my vpn
>> server through the vpn client the error was in firewall
>> settings . but Now when i tried to connect my server
from
>> the xp client it gives me the error 788
>> i have updated my client with the NAT- T update.
>>
>> Thanks
>>
>> Aman
>> >-----Original Message-----
>> >No you don't have to configure ipsec policy, it is
>> created automatically for l2tp.
>> >However you have to create the same preshared key on
both
>> the client and server
>> >[which you can not do on W2K but can for XP pro]. The
>> server must be W2003 for nat-t
>> >and the client needs to have the nat-t upgrade
installed.
>> If the client is a W2003
>> >then I don't think it needs the nat-t upgrade but you
>> should review the KB
>> >documentaion to make sure. --- Steve
>> >
>>
>http://www.microsoft.com/technet/prodtechnol/windowsserver
>> 2003/technologies/networking/vpnexamp.mspx
>> >
>> >"AMAN" <AMANWALIAUS@HOTMAIL.COM> wrote in message
>> >news:2514001c46018$e72ca1c0$a401280a@phx.gbl...
>> >> I am using the windows 2003 as a vpn client and that
is
>> >> NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
>> >> CONFIGUR THE VPN SERVER
>> >>
>> >>
>> >>
>> >> - ON THE SERVER PROPERTIES I HAVE SELECTED THE
SECURITY
>> >> TAB AND THEN
>> >>
>> >> ADDED THE SHARED KEY .
>> >>
>> >> DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.
>> >>
>> >>
>> >>
>> >> THANKS
>> >>
>> >> AMAN
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >L2tp will not work over NAT devices if you are using
>> >> such. If that is the case
>> >> >you could try to install the NAT-T upgrade on the
>> client
>> >> computer and open the
>> >> >appropriate ports and protocols on any firewall.
L2tp
>> >> uses 1701/udp, 500/udp,
>> >> >and protocol 50. NAT-T also uses 4500/udp. --- Steve
>> >> >
>> >> >http://support.microsoft.com/default.aspx?
scid=kb;en-
>> >> us;818043
>> >> >
>> >> >"aman" <amanwaliaus@hotmail.com> wrote in message
>> >> >news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
>> >> >> I have configured a windows 2003 server for vpn i
>> want
>> >> to
>> >> >> use the L2TP/ipsec shared key for Authentications.
>> when
>> >> >> ever
>> >> >> i try to connect my server from client it gives
me a
>> >> error
>> >> >> 789.
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

W2K for a vpn client will not use preshared key for l2tp, this was introduced in XP.
One option is to use pptp for W2K making sure that users use a complex password. You
could create Remote Access Policies to force certain users to only use lt2p if their
machines are able to use l2tp and then allow others to use pptp if need be. The link
below goes into a registry hack that allows Windows 2000 computers to use pre-shared
key for l2tp, but I think it is mostly for gateway to gateway vpn connections but
you may want to want to experiment with it - I have never tried it myself. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;240262

"aman" <amanwaliaus@hotmail.com> wrote in message
news:27a4c01c46327$5ff8ed00$a301280a@phx.gbl...
> Thaks a lot
>
> the problem of xp is also solved . Now the problem is that
> i want to configure the windows 2000 client to use
> preshared key for ipsec. Do you have any idea regarding
> this.
>
> Thanks Thanks Thanks Thanks Thanks Thanks
> For helping me.....
>
> Regards
> Aman
>
> >-----Original Message-----
> >Hmm. The link below gives a description of the errors. I
> would double check that the
> >XP client is using the correct preshared key and that the
> vpn connectoid on it under
> >properties/networking - type of vpn is configured to use
> l2tp and not "auto". If the
> >XP computer is going through a NAT/router try to connect
> it directly to the internet
> >for the vpn connection to see if it makes a difference as
> the firewall on the client
> >end could be a problem. Be sure to enable the built in
> ICF firewall on the XP
> >computer if you try that. --- Steve
> >
> >http://www.jsiinc.com/SUBO/tip7100/rh7130.htm
> >
> >"aman" <amanwaliaus@hotmail.com> wrote in message
> >news:2675001c4628a$01ae1010$a501280a@phx.gbl...
> >> thanks a lot ..
> >> one of my problem is solve now i can connect with my vpn
> >> server through the vpn client the error was in firewall
> >> settings . but Now when i tried to connect my server
> from
> >> the xp client it gives me the error 788
> >> i have updated my client with the NAT- T update.
> >>
> >> Thanks
> >>
> >> Aman
> >> >-----Original Message-----
> >> >No you don't have to configure ipsec policy, it is
> >> created automatically for l2tp.
> >> >However you have to create the same preshared key on
> both
> >> the client and server
> >> >[which you can not do on W2K but can for XP pro]. The
> >> server must be W2003 for nat-t
> >> >and the client needs to have the nat-t upgrade
> installed.
> >> If the client is a W2003
> >> >then I don't think it needs the nat-t upgrade but you
> >> should review the KB
> >> >documentaion to make sure. --- Steve
> >> >
> >>
> >http://www.microsoft.com/technet/prodtechnol/windowsserver
> >> 2003/technologies/networking/vpnexamp.mspx
> >> >
> >> >"AMAN" <AMANWALIAUS@HOTMAIL.COM> wrote in message
> >> >news:2514001c46018$e72ca1c0$a401280a@phx.gbl...
> >> >> I am using the windows 2003 as a vpn client and that
> is
> >> >> NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
> >> >> CONFIGUR THE VPN SERVER
> >> >>
> >> >>
> >> >>
> >> >> - ON THE SERVER PROPERTIES I HAVE SELECTED THE
> SECURITY
> >> >> TAB AND THEN
> >> >>
> >> >> ADDED THE SHARED KEY .
> >> >>
> >> >> DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.
> >> >>
> >> >>
> >> >>
> >> >> THANKS
> >> >>
> >> >> AMAN
> >> >>
> >> >>
> >> >> >-----Original Message-----
> >> >> >L2tp will not work over NAT devices if you are using
> >> >> such. If that is the case
> >> >> >you could try to install the NAT-T upgrade on the
> >> client
> >> >> computer and open the
> >> >> >appropriate ports and protocols on any firewall.
> L2tp
> >> >> uses 1701/udp, 500/udp,
> >> >> >and protocol 50. NAT-T also uses 4500/udp. --- Steve
> >> >> >
> >> >> >http://support.microsoft.com/default.aspx?
> scid=kb;en-
> >> >> us;818043
> >> >> >
> >> >> >"aman" <amanwaliaus@hotmail.com> wrote in message
> >> >> >news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
> >> >> >> I have configured a windows 2003 server for vpn i
> >> want
> >> >> to
> >> >> >> use the L2TP/ipsec shared key for Authentications.
> >> when
> >> >> >> ever
> >> >> >> i try to connect my server from client it gives
> me a
> >> >> error
> >> >> >> 789.
> >> >> >
> >> >> >
> >> >> >.
> >> >> >
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >