Archived from groups: microsoft.public.windowsxp.work_remotely
What happens if you open up all ports on the firewall - as a temporary
measure just to see if it works?
OJ
"James" <James@discussions.microsoft.com> wrote in message
news:B3E99D27-9D3B-419F-AB1D-B9879280F84E@microsoft.com...
> Yes, still no joy.
> Here is Oakley log:
>
> 1-06: 14:09:16:594:52c QM PolicyName: L2TP Require Encryption Quick Mode Policy dwFlags 0
> 1-06: 14:09:16:594:52c QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:594:52c QMOffer[0] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:594:52c Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 1-06: 14:09:16:594:52c QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:594:52c QMOffer[1] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:594:52c Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
> 1-06: 14:09:16:594:52c QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:594:52c QMOffer[2] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:594:52c Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:594:52c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
> 1-06: 14:09:16:594:52c QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:594:52c QMOffer[3] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:594:52c Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:594:52c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
> 1-06: 14:09:16:594:52c QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:594:52c QMOffer[4] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:594:52c Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:594:52c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
> 1-06: 14:09:16:594:52c QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:594:52c QMOffer[5] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:604:52c Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 1-06: 14:09:16:604:52c QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:52c QMOffer[6] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
> 1-06: 14:09:16:604:52c QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:52c QMOffer[7] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
> 1-06: 14:09:16:604:52c QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:52c QMOffer[8] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:604:52c Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 1-06: 14:09:16:604:52c QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:52c QMOffer[9] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:604:52c Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 1-06: 14:09:16:604:52c QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:52c QMOffer[10] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:604:52c Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
> 1-06: 14:09:16:604:52c QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:52c QMOffer[11] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:52c Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:604:52c Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
> 1-06: 14:09:16:604:52c Internal Acquire: op=00000001 src=81.174.216.131.1701 dst=213.166.4.143.1701 proto = 17, SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0, InitiateEvent=00000458, IKE SrcPort=500 IKE DstPort=500
> 1-06: 14:09:16:604:254 Filter to match: Src 213.166.4.143 Dst 81.174.216.131
> 1-06: 14:09:16:604:254 MM PolicyName: L2TP Main Mode Policy
> 1-06: 14:09:16:604:254 MMPolicy dwFlags 8 SoftSAExpireTime 28800
> 1-06: 14:09:16:604:254 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 268435457
> 1-06: 14:09:16:604:254 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
> 1-06: 14:09:16:604:254 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
> 1-06: 14:09:16:604:254 MMOffer[1] Encrypt: Triple DES CBC Hash: SHA
> 1-06: 14:09:16:604:254 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
> 1-06: 14:09:16:604:254 MMOffer[2] Encrypt: Triple DES CBC Hash: MD5
> 1-06: 14:09:16:604:254 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
> 1-06: 14:09:16:604:254 MMOffer[3] Encrypt: DES CBC Hash: SHA
> 1-06: 14:09:16:604:254 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
> 1-06: 14:09:16:604:254 MMOffer[4] Encrypt: DES CBC Hash: MD5
> 1-06: 14:09:16:604:254 Auth[0]:RSA Sig DC=local, DC=redline, CN=DakarEntRoot AuthFlags 0
> 1-06: 14:09:16:604:254 QM PolicyName: L2TP Require Encryption Quick Mode Policy dwFlags 0
> 1-06: 14:09:16:604:254 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:254 QMOffer[0] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:254 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 1-06: 14:09:16:604:254 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:254 QMOffer[1] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:254 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
> 1-06: 14:09:16:604:254 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:254 QMOffer[2] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:254 Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:604:254 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
> 1-06: 14:09:16:604:254 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:254 QMOffer[3] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:254 Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:604:254 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
> 1-06: 14:09:16:604:254 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:254 QMOffer[4] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:604:254 Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:604:254 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
> 1-06: 14:09:16:604:254 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:604:254 QMOffer[5] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:614:254 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 1-06: 14:09:16:614:254 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:614:254 QMOffer[6] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
> 1-06: 14:09:16:614:254 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:614:254 QMOffer[7] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
> 1-06: 14:09:16:614:254 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:614:254 QMOffer[8] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:614:254 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 1-06: 14:09:16:614:254 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:614:254 QMOffer[9] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:614:254 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 1-06: 14:09:16:614:254 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:614:254 QMOffer[10] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: AH Algo: SHA
> 1-06: 14:09:16:614:254 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
> 1-06: 14:09:16:614:254 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
> 1-06: 14:09:16:614:254 QMOffer[11] dwFlags 0 dwPFSGroup 0
> 1-06: 14:09:16:614:254 Algo[0] Operation: AH Algo: MD5
> 1-06: 14:09:16:614:254 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
> 1-06: 14:09:16:614:254 Starting Negotiation: src = 81.174.216.131.0500, dst = 213.166.4.143.0500, proto = 17, context = 00000000, ProxySrc = 81.174.216.131.1701, ProxyDst = 213.166.4.143.1701 SrcMask = 0.0.0.0 DstMask = 0.0.0.0
> 1-06: 14:09:16:614:254 constructing ISAKMP Header
> 1-06: 14:09:16:614:254 constructing SA (ISAKMP)
> 1-06: 14:09:16:614:254 Constructing Vendor MS NT5 ISAKMPOAKLEY
> 1-06: 14:09:16:614:254 Constructing Vendor FRAGMENTATION
> 1-06: 14:09:16:614:254 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
> 1-06: 14:09:16:614:254 Constructing Vendor Vid-Initial-Contact
> 1-06: 14:09:16:614:254
> 1-06: 14:09:16:614:254 Sending: SA = 0x00162D90 to 213.166.4.143:Type 2.500
> 1-06: 14:09:16:614:254 ISAKMP Header: (V1.0), len = 312
> 1-06: 14:09:16:614:254 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:09:16:614:254 R-COOKIE 0000000000000000
> 1-06: 14:09:16:614:254 exchange: Oakley Main Mode
> 1-06: 14:09:16:614:254 flags: 0
> 1-06: 14:09:16:614:254 next payload: SA
> 1-06: 14:09:16:614:254 message ID: 00000000
> 1-06: 14:09:16:614:254 Ports S:f401 D:f401
> 1-06: 14:09:16:614:254 Activating InitiateEvent 00000458
> 1-06: 14:09:17:315:b4 retransmit: sa = 00162D90 centry 00000000 , count = 1
> 1-06: 14:09:17:315:b4
> 1-06: 14:09:17:315:b4 Sending: SA = 0x00162D90 to 213.166.4.143:Type 2.500
> 1-06: 14:09:17:315:b4 ISAKMP Header: (V1.0), len = 312
> 1-06: 14:09:17:315:b4 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:09:17:315:b4 R-COOKIE 0000000000000000
> 1-06: 14:09:17:315:b4 exchange: Oakley Main Mode
> 1-06: 14:09:17:315:b4 flags: 0
> 1-06: 14:09:17:315:b4 next payload: SA
> 1-06: 14:09:17:315:b4 message ID: 00000000
> 1-06: 14:09:17:315:b4 Ports S:f401 D:f401
> 1-06: 14:09:19:318:b4 retransmit: sa = 00162D90 centry 00000000 , count = 2
> 1-06: 14:09:19:318:b4
> 1-06: 14:09:19:318:b4 Sending: SA = 0x00162D90 to 213.166.4.143:Type 2.500
> 1-06: 14:09:19:318:b4 ISAKMP Header: (V1.0), len = 312
> 1-06: 14:09:19:318:b4 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:09:19:318:b4 R-COOKIE 0000000000000000
> 1-06: 14:09:19:318:b4 exchange: Oakley Main Mode
> 1-06: 14:09:19:318:b4 flags: 0
> 1-06: 14:09:19:318:b4 next payload: SA
> 1-06: 14:09:19:318:b4 message ID: 00000000
> 1-06: 14:09:19:318:b4 Ports S:f401 D:f401
> 1-06: 14:09:23:324:b4 retransmit: sa = 00162D90 centry 00000000 , count = 3
> 1-06: 14:09:23:324:b4
> 1-06: 14:09:23:324:b4 Sending: SA = 0x00162D90 to 213.166.4.143:Type 2.500
> 1-06: 14:09:23:324:b4 ISAKMP Header: (V1.0), len = 312
> 1-06: 14:09:23:324:b4 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:09:23:324:b4 R-COOKIE 0000000000000000
> 1-06: 14:09:23:324:b4 exchange: Oakley Main Mode
> 1-06: 14:09:23:324:b4 flags: 0
> 1-06: 14:09:23:324:b4 next payload: SA
> 1-06: 14:09:23:324:b4 message ID: 00000000
> 1-06: 14:09:23:324:b4 Ports S:f401 D:f401
> 1-06: 14:09:31:361:b4 retransmit: sa = 00162D90 centry 00000000 , count = 4
> 1-06: 14:09:31:361:b4
> 1-06: 14:09:31:361:b4 Sending: SA = 0x00162D90 to 213.166.4.143:Type 2.500
> 1-06: 14:09:31:361:b4 ISAKMP Header: (V1.0), len = 312
> 1-06: 14:09:31:361:b4 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:09:31:361:b4 R-COOKIE 0000000000000000
> 1-06: 14:09:31:361:b4 exchange: Oakley Main Mode
> 1-06: 14:09:31:361:b4 flags: 0
> 1-06: 14:09:31:361:b4 next payload: SA
> 1-06: 14:09:31:361:b4 message ID: 00000000
> 1-06: 14:09:31:361:b4 Ports S:f401 D:f401
> 1-06: 14:09:47:526:b4 retransmit: sa = 00162D90 centry 00000000 , count = 5
> 1-06: 14:09:47:526:b4
> 1-06: 14:09:47:526:b4 Sending: SA = 0x00162D90 to 213.166.4.143:Type 2.500
> 1-06: 14:09:47:526:b4 ISAKMP Header: (V1.0), len = 312
> 1-06: 14:09:47:526:b4 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:09:47:526:b4 R-COOKIE 0000000000000000
> 1-06: 14:09:47:526:b4 exchange: Oakley Main Mode
> 1-06: 14:09:47:526:b4 flags: 0
> 1-06: 14:09:47:526:b4 next payload: SA
> 1-06: 14:09:47:526:b4 message ID: 00000000
> 1-06: 14:09:47:526:b4 Ports S:f401 D:f401
> 1-06: 14:10:19:857:b4 retransmit exhausted: sa = 00162D90 centry 00000000, count = 6
> 1-06: 14:10:19:857:b4 SA Dead. sa:00162D90 status:35ed
> 1-06: 14:10:19:857:b4 isadb_set_status sa:00162D90 centry:00000000 status 35ed
> 1-06: 14:10:19:857:b4 Key Exchange Mode (Main Mode)
> 1-06: 14:10:19:857:b4 Source IP Address 81.174.216.131 Source IP Address Mask 255.255.255.255 Destination IP Address 213.166.4.143 Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 81.174.216.131 IKE Peer Addr 213.166.4.143
> 1-06: 14:10:19:857:b4
> 1-06: 14:10:19:857:b4 Me
> 1-06: 14:10:19:857:b4 No response from peer
> 1-06: 14:10:19:857:b4 0x0 0x0
> 1-06: 14:10:19:857:b4 isadb_set_status InitiateEvent 00000458: Setting Status 35f5
> 1-06: 14:10:19:857:b4 Clearing sa 00162D90 InitiateEvent 00000458
> 1-06: 14:10:19:857:b4 constructing ISAKMP Header
> 1-06: 14:10:19:857:b4 constructing DELETE. MM 00162D90
> 1-06: 14:10:19:857:b4
> 1-06: 14:10:19:857:b4 Sending: SA = 0x00162D90 to 213.166.4.143:Type 1.500
> 1-06: 14:10:19:857:b4 ISAKMP Header: (V1.0), len = 56
> 1-06: 14:10:19:857:b4 I-COOKIE ffb12588ba3d1a04
> 1-06: 14:10:19:857:b4 R-COOKIE 0000000000000000
> 1-06: 14:10:19:857:b4 exchange: ISAKMP Informational Exchange
> 1-06: 14:10:19:857:b4 flags: 0
> 1-06: 14:10:19:857:b4 next payload: DELETE
> 1-06: 14:10:19:857:b4 message ID: f86caea6
> 1-06: 14:10:19:857:b4 Ports S:f401 D:f401
> 1-06: 14:10:19:857:6f8 CloseNegHandle 00000458
> 1-06: 14:10:19:857:6f8 SE cookie ffb12588ba3d1a04
> 1-06: 14:10:19:897:6f8 isadb_schedule_kill_oldPolicy_sas: f1022d93-9d66-4852-b4d709c2ea0bc5cb 4
> 1-06: 14:10:19:908:254 entered kill_old_policy_sas 4
> 1-06: 14:10:19:908:6c8 isadb_schedule_kill_oldPolicy_sas: da870090-81b5-40ad-9b241b6ed894bcbc 3
> 1-06: 14:10:19:908:52c isadb_schedule_kill_oldPolicy_sas: 0bd1757a-9b13-4caf-bcf730d954a1906d 2
> 1-06: 14:10:19:908:6f8 isadb_schedule_kill_oldPolicy_sas: 947d52bd-5122-49dd-a40628407440e0e4 1
> 1-06: 14:10:19:918:254 entered kill_old_policy_sas 3
> 1-06: 14:10:19:918:254 entered kill_old_policy_sas 2
> 1-06: 14:10:19:918:254 entered kill_old_policy_sas 1
> 1-06: 14:10:20:800:50c ClearFragList
>
>
> "OJ" wrote:
>
> > Have you applied the 818043 fix if you have removed SP2?
> >
> > NAT-T translation may be the issue.
> >
> > OJ
> >
> >
> > "James" <James@discussions.microsoft.com> wrote in message
> > news:05DE0EE5-7FD6-4C78-A7BB-B1C14C353A26@microsoft.com...
> > > Hi
> > > I have set up an L2TP/IPSec VPN using certificates across a LAN and that
> > > works fine. However, when I try to connect to the same VPN Server through
> > > the Internet I get error 789. I am using a dial up connection to connect to
> > > my ISP first and so do not have a permanent IP. Could this be causing
> > > problems?
> > >
> > > On the firewall, I have closed and reopened UDP ports 1701, 4500 and 500 to
> > > make sure these are OK. Also, I have created another L2TP/IPSec VPN from a
> > > fixed IP address which passes through fine.
> > >
> > > The XP client has SP2 installed.
> > >
> > > Event Viewer creates the following Failure Audit for the connection:
> > >
> > > Event Type: Failure Audit
> > > Event Source: Security
> > > Event Category: Logon/Logoff
> > > Event ID: 547
> > > Date: 05/01/2005
> > > Time: 11:51:17
> > > User: NT AUTHORITY\NETWORK SERVICE
> > > Computer: REDLINELT1
> > > Description:
> > > IKE security association negotiation failed.
> > > Mode:
> > > Key Exchange Mode (Main Mode)
> > >
> > > Filter:
> > > Source IP Address 81.174.218.30
> > > Source IP Address Mask 255.255.255.255
> > > Destination IP Address 213.166.4.143
> > > Destination IP Address Mask 255.255.255.255
> > > Protocol 0
> > > Source Port 0
> > > Destination Port 0
> > > IKE Local Addr 81.174.218.30
> > > IKE Peer Addr 213.166.4.143
> > >
> > > Peer Identity:
> > >
> > > Failure Point:
> > > Me
> > >
> > > Failure Reason:
> > > No response from peer
> > >
> > > Extra Status:
> > > 0x0 0x0
> > >
> > >
> > > For more information, see Help and Support Center at
> > > http://go.microsoft.com/fwlink/events.asp.
> > >
> > > Any help would be greatly appreciated.
> > > Thanks.
> > >
> >
> >
> >