Establishing L2TP/IPSEC vpn

I have a new laptop, running Windows 8.1 Pro. I am trying to set up an L2TP/IPSEC vpn to my office.
I have created the connection, and filled in the various settings including PSK, but whenever I try and connect it fails with Error 789. I have checked this against my Windows XP / Vista / 7 laptops (which all work fine), and the VPN setup details are all
identical. It works fine on all the other laptops, but not on Windows 8.1.
Is there something special about Windows 8.1 that would prevent this from working?

Hi,
Please check the solution in this thread:
http://social.technet.microsoft.com/Forums/windows/en-US/630488b8-e638-488d-803a-08ef9281e4fb/windows-7-ipsecl2tp-vpn-connection-problem
Also, please check solution “Error Code: 789, 835” in this article:
Troubleshooting common VPN related errors
http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx
Since this issue can also be caused by third-part security program, please disable it and recreate the connection again to check the results.
Please take time to perform the steps above and let me know the results.
Karen Hu
TechNet Community Support

Similar Messages

  • [SOLVED]Connecting to L2TP/IPSec VPN problem: pppd seems not starting

    I'm trying to connect to an L2TP/IPsec VPN server, by ipsec-tools + xl2tpd.
    Here is my setup:
    /etc/racoon.conf:
    log debug;
    path pre_shared_key "/etc/racoon/psk.txt";
    padding {
    maximum_length 20;
    randomize off;
    strict_check off;
    exclusive_tail off;
    remote anonymous {
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;
    generate_policy on;
    nat_traversal on;
    proposal_check obey;
    proposal {
    encryption_algorithm aes 256;
    lifetime time 3600 sec;
    hash_algorithm sha1;
    authentication_method pre_shared_key;
    dh_group modp1024;
    sainfo anonymous {
    lifetime time 3600 sec;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    /etc/racoon/psk.txt:
    #broadband
    137.189.192.201 the-server-psk
    137.189.192.204 the-server-psk
    Here the two IPs are the IPs of vpn.cuhk.edu.hk, which is the VPN server.
    /etc/xl2tpd/xl2tpd.conf:
    [global]
    port = 1701
    auth file = /etc/ppp/pap-secrets
    debug network = yes
    debug avp = yes
    debug packet = yes
    debug state = yes
    debug tunnel = yes
    [lac connect]
    lns = vpn.cuhk.edu.hk
    name = vpn-server
    redial = yes
    redial timeout = 15
    max redials = 5
    hidden bit = yes
    refuse chap = yes
    require pap = yes
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd
    /etc/ppp/pap-secrets:
    # Secrets for authentication using PAP
    # client server secret IP addresses
    myusername * mypassword *
    /etc/ppp/options.xl2tpd:
    lock
    debug
    mtu 1000
    nobsdcomp
    nodeflate
    noaccomp
    nopcomp
    novj
    defaultroute
    refuse-chap
    refuse-mschap
    refuse-mschap-v2
    connect-delay 5000
    name myusername
    password mypassword
    spd.sh:
    #!/bin/sh
    Then I do the following:
    # 192.168.1.1 is my lan gateway
    sudo ip route add 137.189.192.201 via 192.168.1.1
    sudo ip route add 137.189.192.204 via 192.168.1.1
    # For adding spd, script from the VPN server
    echo -e flush\; | sudo setkey -c
    echo -e spdflush\; | sudo setkey -c
    echo -e spdadd 192.168.1.173/32\[1701\] 0.0.0.0\/0\[0\] any \-P out ipsec esp\/transport\/\/require\; | sudo setkey -c
    sudo systemctl start racoon
    sudo systemctl start xl2tpd
    echo "c connect" | sudo tee /var/run/xl2tpd/l2tp-control
    I expect that some network interface like ppp0 will be created, but nothing happened.
    Then I check the record, and find something weird in xl2tpd log (from journalctl, racoon and sudo logs skipped):
    8月 21 01:13:40 nkdesktop systemd[1]: Stopped Level 2 Tunnel Protocol Daemon (L2TP).
    8月 21 01:13:41 nkdesktop systemd[1]: Starting Racoon IKEv1 key management daemon for IPSEC...
    8月 21 01:13:41 nkdesktop systemd[1]: Started Racoon IKEv1 key management daemon for IPSEC.
    8月 21 01:13:43 nkdesktop systemd[1]: Starting Level 2 Tunnel Protocol Daemon (L2TP)...
    8月 21 01:13:43 nkdesktop systemd[1]: Started Level 2 Tunnel Protocol Daemon (L2TP).
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: setsockopt recvref[30]: Protocol not available
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Using l2tp kernel support.
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: xl2tpd version xl2tpd-1.3.6 started on nkdesktop PID:19639
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Forked by Scott Balmos and David Stipp, (C) 2001
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Inherited by Jeff McAdams, (C) 2002
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Forked again by Xelerance (www.xelerance.com) (C) 2006
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Listening on IP address 0.0.0.0, port 1701
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: get_call: allocating new tunnel for host 137.189.192.204, port 1701.
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Connecting to host vpn.cuhk.edu.hk, port 1701
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending SCCRQ
    8月 21 01:13:46 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select timeout
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select timeout
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 103, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: protocol_version_avp: peer is using version 1, revision 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: framing_caps_avp: supported peer frames: async sync
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: bearer_caps_avp: supported peer bearers:
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: firmware_rev_avp: peer reports firmware version 1648 (0x0670)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: hostname_avp: peer reports hostname 'eriwan'
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: vendor_avp: peer reports vendor 'Adtran, l2tpd'
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_tunnel_avp: using peer's tunnel 4733
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 4733, call is 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending SCCCN
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Connection established to 137.189.192.204, 1701. Local: 30858, Remote: 4733 (ref=0/0).
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Calling on tunnel 30858
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is (null)(0). Tunnel is 4733, call is 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending ICRQ
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 28, tunnel = 30858, call = 63662 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 63662
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 11 (Incoming-Call-Reply)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_call_avp: using peer's call 31346
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 4733, call is 31346.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Sending ICCN
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Call established with 137.189.192.204, Local: 63662, Remote: 31346, Serial: 1 (ref=0/0)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: start_pppd: I'm running:
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "/usr/sbin/pppd"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "passive"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "nodetach"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: ":"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "refuse-chap"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "name"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "vpn-server"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "debug"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "file"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "/etc/ppp/options.xl2tpd"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "plugin"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "pppol2tp.so"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "pppol2tp"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "7"
    8月 21 01:13:47 nkdesktop pppd[19647]: Plugin pppol2tp.so loaded.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 63662 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 38, tunnel = 30858, call = 63662 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 63662
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 14 (Call-Disconnect-Notify)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_call_avp: using peer's call 31346
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Call-Disconnect-Notify(14). Tunnel is 4733, call is 31346.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Connection closed to 137.189.192.204, serial 1 ()
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Terminating pppd: sending TERM signal to pid 19647
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 38, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 4 (Stop-Control-Connection-Notification)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_tunnel_avp: using peer's tunnel 4733
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Stop-Control-Connection-Notification(4). Tunnel is 4733, call is 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Connection closed to 137.189.192.204, port 1701 (), Local: 30858, Remote: 4733
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: build_fdset: closing down tunnel 30858
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select returned error 9 (Bad file descriptor)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select returned error 4 (Interrupted system call)
    ... then xl2tpd repeatedly trying to build a connection and fails for every 15s ...
    I think pppd should have showed more logs, rather than just loading a module.
    But I have no idea about what's wrong.
    Or did I just forget to turn on the log function of pppd? If so, how should I turn it on?
    Anyone can help?
    Last edited by nnkken (2014-08-24 08:42:03)

    Additional information:
    Today I decrypted the IPSec ESP packets by Wireshark (what an awesome function) and compared the L2TP message of my ArchLinux and MacOSX to the same VPN Server.
    And I found that while both ArchLinux and MacOSX sends Incomming_Call_Connection (ICCN) packet, the packet are quite different:
    The ArchLinux ICCN Packet has 2 additional AVP fields: Random Vector AVP and RX Connect Speed AVP.
    Also, the Connect Speed AVP (and also the RX Connect Speed AVP) field is 0, which is different from MacOSX (100000).
    After the ICCN packet, MacOCX sends a PPP packet over L2TP, while ArchLinux sends nothing and the server sends a Call_Disconnect_Notification to ArchLinux.
    Anyone knows whether this is a bug or something wrong in config?
    Last edited by nnkken (2014-08-22 20:19:49)

  • Looking for help to set up l2tp Ipsec vpn on asa 5055

    I am trying to set up a L2tp Ipsec vpn on asa 5055 and I am using windows 8.1 build in VPN client to connect to it. I got the following error. Anyone has experence please help.
    Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, All IPSec SA proposals found unacceptable!
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending notify message
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing ipsec notify payload for msg id 1
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
    Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=6a50f8f9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
    Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, QM FSM error (P2 struct &0xad6946b8, mess id 0x1)!
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE QM Responder FSM error history (struct &0xad6946b8)  <state>, <event>:  QM_DONE, EV_ERROR-->QM_BLD_MSG2, 
    EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, 
    EV_COMP_HASH
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
    Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Removing peer from correlator table failed, no match!
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 rcv'd Terminate: state MM_ACTIVE  flags 0x00000042, refcnt 1, tuncnt 0
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 terminating:  flags 0x01000002, refcnt 0, tuncnt 0
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing IKE delete payload
    Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
    Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=232654dc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
    Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Session is being torn down. Reason: Phase 2 Mismatch
    I am new to this so I don't know what I should do next. Thanks

    Here it is. Thanks.
    CL-T179-12IH# show run crypto
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
    crypto ipsec ikev2 ipsec-proposal DES
     protocol esp encryption des
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
     protocol esp encryption 3des
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
     protocol esp encryption aes
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
     protocol esp encryption aes-192
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
     protocol esp encryption aes-256
     protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint vpn
     enrollment self
     subject-name CN=174.142.90.17
     crl configure
    crypto ca trustpool policy
    crypto ca certificate chain vpn
     certificate 2d181c55
        308201ff 30820168 a0030201 0202042d 181c5530 0d06092a 864886f7 0d010105
        05003044 31163014 06035504 03130d31 37342e31 34322e39 302e3137 312a3028
        06092a86 4886f70d 01090216 1b434c2d 54313739 2d313249 482e7072 69766174
        65646e73 2e636f6d 301e170d 31353034 31363033 31393439 5a170d32 35303431
        33303331 3934395a 30443116 30140603 55040313 0d313734 2e313432 2e39302e
        3137312a 30280609 2a864886 f70d0109 02161b43 4c2d5431 37392d31 3249482e
        70726976 61746564 6e732e63 6f6d3081 9f300d06 092a8648 86f70d01 01010500
        03818d00 30818902 818100bf 797d1cc1 cfffc634 8c3b2a4b ce27b1c9 3fc3e026
        4f6cd8f4 c9675aca b5176cef 7f3df142 35ba4e15 2613d34c 91bb5da3 14b34b6c
        71e4ff44 f129046f 7f91e73f 2c9d42f9 93001559 ea6c71c1 1a848073 15da79f7
        a41081ee b4cd3cc3 baa7a272 3a5fb32d 66dedee6 5994d4b2 ad9d7489 44ec9eb9
        44038a2a 817e935f 1bb7ad02 03010001 300d0609 2a864886 f70d0101 05050003
        8181002c 6cee9ae7 a037698a 5690aca1 f01c87db 04d9cbc6 65bda6dc a17fc4b6
        b1fd419e 56df108f b06edfe6 ab5a5eb3 5474a7fe 58970da3 23e6bc6e 36ab8f62
        d5c442bf 43581eb3 26b8cf26 6a667a8b ddd25a73 a094f0d0 65092ff8 d2a644d8
        3d7da7ca efeb9e2f 84807fdf 0cf3d75e bcb65ba4 7b51cb49 f912f516 f95b5d86
        da0e01
      quit
    crypto ikev2 policy 1
     encryption aes-256
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 10
     encryption aes-192
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 30
     encryption 3des
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 40
     encryption des
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 remote-access trustpoint vpn
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication crack
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 20
     authentication rsa-sig
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 30
     authentication pre-share
     encryption aes-256
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 40
     authentication crack
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 50
     authentication rsa-sig
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 60
     authentication pre-share
     encryption aes-192
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 70
     authentication crack
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 80
     authentication rsa-sig
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 90
     authentication pre-share
     encryption aes
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 100
     authentication crack
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 110
     authentication rsa-sig
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 120
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 130
     authentication crack
     encryption des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 140
     authentication rsa-sig
     encryption des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 150
     authentication pre-share
     encryption des
     hash sha
     group 2
     lifetime 86400

  • Port Forwarding for L2TP/IPSec VPN Behind Verizon Actiontec MI424WR-GEN2 Rev. E v20.21.0.2

    I've got a NAS setup with various services running on custom ports to help minimize exposure (especially to script kiddies). I've tested everything both internally and externally to confirm they all work, and even had someone at a remote location confirm accessibility as well.  Port forward configurations performed on the Actiontec are working well. 
    I installed an L2TP/IPSec VPN server, tested internally and it connected successfully.  So for all intents & purposes, this validates that the VPN server is correctly configured to accept inbound connections and functioning correctly.
    I logged into the Verizon Actiontec MI424WR router, setup port forwarding for UDP ports 500, 1701 & 4500.
    Note: I added the AH & ESP protocols based on what I saw on the built-in L2TP/IPSec rules
    With the port forwarding in place, I tested VPN externally but it didn't connect.
    I've done the following so far to no avail:
    Double & triple checked the port forwards, deleted & recreated the rules a few times to be sure
    There are no other pre-existing L2RP/IPSec port forward rules or otherwise conflicting port forward rules (e.g.: another rule for ports 500, 1701 or 4500)
    There was an L2TP port triggering rule enabled, that I toggled on and off with no change
    Verified the firewall on VPN server had an exclusion for L2TP, or that the firewall is off. (Firewall is off to reduce a layer of complexity, but it worked internally to begin with so I doubt that's the issue.)
    Since it works internally, and there are no entries in the logs on the device indicating inbound connections, I'm convinced its an issue with the Verizon Actiontec router.  But unfortunately, I'm not sure what else to try or where else to look to troubleshoot this.  For instance, is there a log on the router that I can view in real time (e.g.: tail) that would show me whether or not the inbound connection attempt is reaching the device, and whether or not the device allowed or blocked it?
    My router details:
    Verizon Actiontec
    MI424WR-GEN2
    Revision E
    Firmware 20.21.0.2
    Verizon Actiontec built-in L2TP/IPSec rule templates.  They're not currently in use, but are baked into the firmware for easy configuration/selection from a drop down menu.
    Solved!
    Go to Solution.

    normally a vpn on that router, will have a GRE tunneling protocol as well.
    two ways to build the PF rules,
    Manually
    Preconfigured
    I know the preconfigured VPN rules will do the GRE protocol as well, but if you do it by hand you can't get it.

  • Problem with L2TP IPSEC VPN login...

    Hello,
    I have a problem with my trying to login on my laptop to my work vpn.  I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn.  I feel like I am hitting a brick wall and makes me just want to forget it all together...  I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine.  I have also verified and triple checked all my vpn information required.  I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2..  Any help I would be greatly appreciated.  Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work.  Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
    pacman -Q openswan
    openswan 2.6.41-1
    pacman -Q xl2tpd
    xl2tpd 1.3.6-1
    uname -a
    Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
    Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
    ipsec auto --up <vpn connection name>
    022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
    my process to run the vpn connection:
    sudo systemctl start openswan
    sudo systemctl start xl2tpd
    ipsec auto --up <vpn connection name>
    echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
    how I added my vpn connection:
    sudo ipsec auto --add <vpn connection name>
    /etc/xl2tpd/xl2tpd.conf
    [global]
    ; listen-addr = <my ip address>
    debug avp = no
    debug network = no
    debug packet = no
    debug state = no
    debug tunnel = no
    [lac <vpn connection name>]
    lns = <vpn ip address>
    pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
    length bit = no
    redial = no
    /etc/ppp/<vpn connection name>.options.xl2tpd
    plugin passprompt.so
    ipcp-accept-local
    ipcp-accept-remote
    idle 72000
    ktune
    noproxyarp
    asyncmap 0
    noauth
    crtscts
    lock
    hide-password
    modem
    noipx
    ipparam L2tpIPsecVpn-<vpn connection name>
    promptprog "/usr/bin/L2tpIPsecVpn"
    refuse-eap
    remotename ""
    name "<vpn username>"
    password <vpn password>
    usepeerdns
    /etc/ipsec.secrets
    %any @<vpn ip address>: PSK <psk key here>
    Last edited by adramalech (2014-10-25 04:53:46)

    Hello,
    I have a problem with my trying to login on my laptop to my work vpn.  I was given from my work, the vpn's ip address, the psk, my username, and password for the vpn.  I feel like I am hitting a brick wall and makes me just want to forget it all together...  I can get in with my info on this same laptop on the same connection at my apartment from my windows 8.1 partition just fine.  I have also verified and triple checked all my vpn information required.  I also don't know but I think have it setup to use PAP, MS CHAP, or MS CHAP v2..  Any help I would be greatly appreciated.  Pretty much the way my VPN for my work works is you have to VPN on L2TP over IPSEC with a username and password and a psk to allow you to remote desktop to my desktop at work.  Really wish this could work as I am tired of supporting windows at home when I pretty much only use it to VPN into work when I have to get work done...
    pacman -Q openswan
    openswan 2.6.41-1
    pacman -Q xl2tpd
    xl2tpd 1.3.6-1
    uname -a
    Linux tux 3.17.1-1-ARCH #1 SMP PREEMPT Wed Oct 15 15:04:35 CEST 2014 x86_64 GNU/Linux
    Now I have all the configs setup below following the L2TP/IPsec VPN client setup arch wiki page and I keep getting this:
    ipsec auto --up <vpn connection name>
    022 "<vpn connection name>": We cannot identify ourselves with either end of this connection.
    my process to run the vpn connection:
    sudo systemctl start openswan
    sudo systemctl start xl2tpd
    ipsec auto --up <vpn connection name>
    echo "c <vpn connection name>" > /var/run/xl2tpd/l2tp-control
    how I added my vpn connection:
    sudo ipsec auto --add <vpn connection name>
    /etc/xl2tpd/xl2tpd.conf
    [global]
    ; listen-addr = <my ip address>
    debug avp = no
    debug network = no
    debug packet = no
    debug state = no
    debug tunnel = no
    [lac <vpn connection name>]
    lns = <vpn ip address>
    pppoptfile = /etc/ppp/<vpn connection name>.options.xl2tpd
    length bit = no
    redial = no
    /etc/ppp/<vpn connection name>.options.xl2tpd
    plugin passprompt.so
    ipcp-accept-local
    ipcp-accept-remote
    idle 72000
    ktune
    noproxyarp
    asyncmap 0
    noauth
    crtscts
    lock
    hide-password
    modem
    noipx
    ipparam L2tpIPsecVpn-<vpn connection name>
    promptprog "/usr/bin/L2tpIPsecVpn"
    refuse-eap
    remotename ""
    name "<vpn username>"
    password <vpn password>
    usepeerdns
    /etc/ipsec.secrets
    %any @<vpn ip address>: PSK <psk key here>
    Last edited by adramalech (2014-10-25 04:53:46)

  • [SOLVED] l2tp-ipsec-vpn-daemon from AUR fails to build

    Please let me know if there are other details that require posting:-
    ==> Starting build()...
    /usr/bin/qmake -o qttmp-Release.mk -after "OBJECTS_DIR=build/Release" "DESTDIR=dist/Release" nbproject/qt-Release.pro
    mv -f qttmp-Release.mk nbproject/qt-Release.mk
    make -f nbproject/qt-Release.mk dist/Release/L2tpIPsecVpnControlDaemon
    make[1]: Entering directory '/tmp/yaourt-tmp-nimda/aur-l2tp-ipsec-vpn-daemon/src/l2tp-ipsec-vpn-daemon'
    g++ -c -pipe -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -Wall -W -D_REENTRANT -fPIE -DQT_NO_DEBUG -DQT_NETWORK_LIB -DQT_CORE_LIB -I/usr/lib/qt/mkspecs/linux-g++ -Inbproject -isystem /usr/include/qt -isystem /usr/include/qt/QtNetwork -isystem /usr/include/qt/QtCore -Isrc/generated -I. -o build/Release/main.o src/main.cpp
    g++ -c -pipe -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -Wall -W -D_REENTRANT -fPIE -DQT_NO_DEBUG -DQT_NETWORK_LIB -DQT_CORE_LIB -I/usr/lib/qt/mkspecs/linux-g++ -Inbproject -isystem /usr/include/qt -isystem /usr/include/qt/QtNetwork -isystem /usr/include/qt/QtCore -Isrc/generated -I. -o build/Release/VpnClientConnection.o src/VpnClientConnection.cpp
    src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::readyRead()':
    src/VpnClientConnection.cpp:133:99: error: 'class QString' has no member named 'toAscii'
    ::syslog(LOG_DEBUG|LOG_DAEMON, "Executing command %s", m_strActiveCommand.toAscii().constData());
    ^
    src/VpnClientConnection.cpp:140:75: error: 'class QString' has no member named 'toAscii'
    if (COMMANDS[iCommand].pPipe->write(strCommand.toAscii().constData()) == strCommand.length())
    ^
    src/VpnClientConnection.cpp:159:63: error: 'class QString' has no member named 'toAscii'
    if (::mkfifo(strCommandParts[1].toAscii().constData(), DEFFILEMODE) == 0)
    ^
    src/VpnClientConnection.cpp:161:84: error: 'class QString' has no member named 'toAscii'
    const int iChmodResult(::chmod(strCommandParts[1].toAscii().constData(), DEFFILEMODE));
    ^
    src/VpnClientConnection.cpp:168:87: error: 'class QString' has no member named 'toAscii'
    const int iChownResult(::chown(strCommandParts[1].toAscii().constData(), pPwdInfo->pw_uid, pPwdInfo->pw_gid));
    ^
    src/VpnClientConnection.cpp:193:77: error: 'const class QString' has no member named 'toAscii'
    if (COMMANDS[iCommand].pPipe->write(str.toAscii().constData()) != str.length())
    ^
    src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::onCommandError(QProcess::ProcessError)':
    src/VpnClientConnection.cpp:250:96: error: 'class QString' has no member named 'toAscii'
    ::syslog(LOG_DEBUG|LOG_DAEMON, "Command %s finished with error code %d", m_strActiveCommand.toAscii().constData(), ERR_COMMAND_FAILED_TO_START + iError);
    ^
    src/VpnClientConnection.cpp: In member function 'void VpnClientConnection::onCommandFinished(int)':
    src/VpnClientConnection.cpp:257:95: error: 'class QString' has no member named 'toAscii'
    ::syslog(LOG_DEBUG|LOG_DAEMON, "Command %s finished with exit code %d", m_strActiveCommand.toAscii().constData(), iExitCode);
    ^
    src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, VpnClientConnection::ResponseResult, const QString&)':
    src/VpnClientConnection.cpp:268:118: error: 'const class QString' has no member named 'toAscii'
    m_pSocket->write((QString::number(responseType) + " " + QString::number(resultCode) + " " + strCommand + '\n').toAscii().constData());
    ^
    src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, VpnClientConnection::ResponseInformation)':
    src/VpnClientConnection.cpp:281:108: error: 'const class QString' has no member named 'toAscii'
    m_pSocket->write((QString::number(responseType) + " " + QString::number(responseInformation) + '\n').toAscii().constData());
    ^
    src/VpnClientConnection.cpp: In member function 'bool VpnClientConnection::send(VpnClientConnection::ResponseType, const QString&)':
    src/VpnClientConnection.cpp:294:78: error: 'const class QString' has no member named 'toAscii'
    m_pSocket->write((QString::number(responseType) + " " + strOutputline).toAscii().constData());
    ^
    nbproject/qt-Release.mk:319: recipe for target 'build/Release/VpnClientConnection.o' failed
    make[1]: *** [build/Release/VpnClientConnection.o] Error 1
    make[1]: Leaving directory '/tmp/yaourt-tmp-nimda/aur-l2tp-ipsec-vpn-daemon/src/l2tp-ipsec-vpn-daemon'
    Makefile:62: recipe for target 'build' failed
    make: *** [build] Error 2
    ==> ERROR: A failure occurred in build().
    Aborting...
    ==> ERROR: Makepkg was unable to build l2tp-ipsec-vpn-daemon.
    Last edited by n1md4 (2014-06-06 09:47:25)

    Have you tried 0.9.9-2 from the comments: https://aur.archlinux.org/packages/l2tp … pn-daemon/ ?

  • Is there a limit to the number of concurrent L2TP/IPSec VPN connections in Snow Leopard

    Hi,
    I'm currently running an L2TP/IPSec service from a Snow Leopard server VM running on the latest version of Lion Server ( Had loads of issues with Lion VPN connectivity from outside our network when I first upgraded the physical server to Lion. quickest way to get the service back was to run an S/L VM. I know that there have been some changes to Lion in the VPN area, but this works... sort of;;;)
    I've got an IP address pool of 20 addresses confgured as this is only for ICT staff members. Each user has a local userid/password on the S/L server. For me, things just work.
    iPhone, iPad, OS X lion client they all work and I've had about 3 simultaneous connections up and running.However, the majority of staff users use Windows 7 client machines and they're been reporting sporadic connection failures where one moment they can get connected and the next they can't.  I'm currently wondring if there is some concurrent limit setting they are hitting and are getting slung off because I've got other users using the service.  It would be a bit strange if S/L can only support 2 or 3 connections out of the box.
    Then again it might be VMWare Fusion (Vsn 4.1.1) thats the problem.
    Any help apppreciated
    Rgds
    Alex

    You have to count to have about 30GB at least free on the startup disk, after you have the library loaded.
    On the external you have space enough.
    As far as I know there is no limit for iPhoto, but I suggest to not let it grow too much, because everything will become sluggish, also making backups. It should be possible to split up in more libraries, one that is really actual and one that is the past. Physical splitting up I mean, not smart collections. You can switch libraries by holding the Alt(option) at startup of iPhoto.

  • RVS4000 L2TP IPSec

    Currently trying to establish L2TP IPSec VPN tunnels between Windows XP remote client and Windows 2003 RRAS Server.
    Both the XP remote client and the W2003 RRAS Server are behind RVS4000 routers.
    Have established that the W2003 RRAS server will accept L2TP IPSec connections from clients behind the Cisco RVS4000 router [LAN clients].
    Can not establish remote L2TP IPSec connections through the RVS4000 routers. Have established that PPTP VPN through the RVS4000 routers. Both routers are running version 1.3.0.5
    Both RVS 4000 routers are configured for PPTP, IPSec, & L2TP VPN passthrough with UDP port 1701 being forwarded to the RRAS server by the
    RVS 4000 router. PPTP VPN connections have no problem.
    Error code is 792
    The problem appears to be with IPSec passthrough.  UDP port 1701 is being forwarded to the RRAS server. Can not create port rules for IKE 500 or IP Protocol 50/4500 on the RVS4000 because those policies conflict with forwarding UDP1701.
    Any guidance on why the IPSec fails through the RVS4000 for remote access clients but IPSec is successful in establishing a connection to the RRAS server using LAN clients.

    I repeat one more time: Never ever forward port UDP 1701. You don't want to expose the L2TP server to the internet. If the server is configured correctly on your VPN server then it won't accept direct access to UDP port 1701 anyway. But still you don't want to do it.
    L2TP or better L2TP over IPSec tunnels L2TP traffic on UDP 1701 inside an IPSec tunnel between the client and the server. If you run your VPN server inside your LAN behind a NAT router all you ever want to forward for that purpose is IPSec, i.e. ports UDP 500 and TCP/UDP 4500. Nothing else. For L2TP over IPSec all the router will ever see is IPSec traffic. The L2TP traffic is encrypted inside the IPSec tunnel. The router does not know about this.
    If you forward UDP 1701 to your L2TP server you expose the L2TP server directly to the internet, removing the pre-shared key or certificate authentication and encryption of IPSec. All L2TP is completely unencrypted, then if someone has an L2TP (with no IPSec) client to connect.
    The standard Windows L2TP/IPSec won't connect directly to L2TP without IPSec.
    Even if the RVL allows you to forward UDP 1701 don't do it. If your VPN connection to your VPN server only works with this forwarding in place then you have a big problem with your whole VPN configuration because as I have mentioned before the router should never see any VPN traffic on UDP 1701 as it is supposed to be fully encrypted and hidden inside the IPSec tunnel...

  • AC100 - No VPN L2TP/IPSec PSK available

    Android 2.2 (Froyo) devices show for VPN connections the following possibilities: PPTP, L2TP, L2TP/IPSec PSK and L2TP/IPSec CRT (checked on serveral brands smartphones).
    The AC100 is only showing PPTP and L2TP, so no L2TP/IPSec at all.
    Any idea why they are missing and how to resolve this?
    Need L2TP/IPSec for a VPN connection with a Sonicwall 3060/Pro.
    Here's a description how to connect:[https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8658]

    Hi
    As far as I know the L2TP/IPSec is available only for routed android devices.
    So possibly this is the reason why the L2TP/IPSec in not available for AC100.
    I found here a nice Android L2TP/IPSec VPN HowTo
    http://blogs.nopcode.org/brainstorm/2010/08/22/android-l2tpipsec-vpn-mini-howto/
    Maybe this could be helpful a little bit!

  • Solaris 11 responds to IPSEC VPN traffic ONLY one direction

    I have established a IPSEC VPN tunnel between my remote solaris 11 and office Sonicwall router using Site to Site. Everything works fine if the traffic initiates from the Solaris side. However when I try to ping or any network services like nfs,ssh, samb, etc. on the remote solaris box from our office. The server does NOT respond to the incoming packets but packets are going through the tunnel and appears on the remote end when I do snoop –d tun0 and snoop –I vnic0. What I do notice is that snoop –d vnic0 shows no packets and it doesn’t seem to get any traffic at all (see netstat –rn). Could it be my routing table? Ip zones? Any ideas? I followed the Oracle Documents very carefully and with extra help from other extern Solaris 11 admin sites. I know people would suggest using OpenSwan or OpenVPN but this setup should work.
    Here is the network info on my IPSEC VPN setup. Tunnel is configured in Transport Mode and IPSEC/IKE is working fine.
    Solaris 11 vnic0/10.4.0.1/24, external Internet Nic is nge0/209.xxx.xxx.194/25
    # dladm show-link
    LINK CLASS MTU STATE OVER
    nge0 phys 1500 up --
    tun0 iptun 1402 up --
    vnic0 vnic 1500 up nge0
    # dladm show-iptun
    LINK TYPE FLAGS LOCAL REMOTE
    tun0 ipv4 s- 209.xxx.xxx.194 64.xxx.xxx.34
    # ipadm show-if
    IFNAME CLASS STATE ACTIVE OVER
    lo0 loopback ok yes --
    nge0 ip ok yes --
    vnic0 ip ok yes --
    tun0 ip ok yes --
    # ipadm show-addr
    ADDROBJ TYPE STATE ADDR
    lo0/v4 static ok 127.0.0.1/8
    nge0/v4 static ok 209.xxx.xxx.194/25
    vnic0/inside static ok 10.4.0.1/24
    tun0/v4 static ok 10.4.0.1->172.20.0.1
    lo0/v6 static ok ::1/128
    # netstat -rn
    Routing Table: IPv4
    Destination Gateway Flags Ref Use Interface
    default 209.xxx.xxx.129 UG 6 16874898 nge0
    10.4.0.0 10.4.0.1 U 2 0 vnic0
    10.181.0.0 172.20.0.1 UGS 3 16862235 tun0
    127.0.0.1 127.0.0.1 UH 2 1786 lo0
    172.20.0.1 10.4.0.1 UH 3 16862235 tun0
    Routing Table: IPv6
    Destination/Mask Gateway Flags Ref Use If
    ::1 ::1 UH 2 42 lo0
    # routeadm
    Configuration Current Current
    Option Configuration System State
    IPv4 routing disabled disabled
    IPv6 routing disabled disabled
    IPv4 forwarding disabled disabled
    IPv6 forwarding disabled disabled
    Routing services "route:default ripng:default"
    Routing daemons:
    STATE FMRI
    disabled svc:/network/routing/ripng:default
    disabled svc:/network/routing/rdisc:default
    disabled svc:/network/routing/route:default
    disabled svc:/network/routing/legacy-routing:ipv4
    disabled svc:/network/routing/legacy-routing:ipv6
    online svc:/network/routing/ndp:default
    Solaris># ping 10.181.1.218
    10.181.1.218 is alive
    C:\>ping 10.4.0.1
    Pinging 10.4.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    # snoop -d tun0 10.181.1.218
    Using device tun0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 33) (1 encap)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 34) (1 encap)
    # snoop -I vnic0 10.181.1.218
    Using device ipnet/vnic0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 36)
    10.181.1.218-> 10.4.0.1 -i ICMP Echo request (ID: 1 Sequence number: 37)
    # ipadm show-prop
    PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    ipv4 forwarding rw off off off on,off
    ipv4 ttl rw 255 -- 255 1-255
    ipv6 forwarding rw off -- off on,off
    ipv6 hoplimit rw 255 -- 255 1-255
    ipv6 hostmodel rw weak -- weak strong,
    src-priority,
    weak
    ipv4 hostmodel rw strong strong weak strong,
    src-priority,
    weak
    icmp max_buf rw 262144 -- 262144 65536-1073741824
    icmp recv_buf rw 8192 -- 8192 4096-262144
    icmp send_buf rw 8192 -- 8192 4096-262144
    tcp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    tcp ecn rw passive -- passive never,passive,
    active
    tcp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    tcp largest_anon_port rw 65535 -- 65535 32768-65535
    tcp max_buf rw 1048576 -- 1048576 128000-1073741824
    tcp recv_buf rw 128000 -- 128000 2048-1048576
    tcp sack rw active -- active never,passive,
    active
    tcp send_buf rw 49152 -- 49152 4096-1048576
    tcp smallest_anon_port rw 32768 -- 32768 1024-65535
    tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    udp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    udp largest_anon_port rw 65535 -- 65535 32768-65535
    udp max_buf rw 2097152 -- 2097152 65536-1073741824
    udp recv_buf rw 57344 -- 57344 128-2097152
    udp send_buf rw 57344 -- 57344 1024-2097152
    udp smallest_anon_port rw 32768 -- 32768 1024-65535
    udp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    sctp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    sctp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    sctp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    sctp largest_anon_port rw 65535 -- 65535 32768-65535
    sctp max_buf rw 1048576 -- 1048576 102400-1073741824
    sctp recv_buf rw 102400 -- 102400 8192-1048576
    sctp send_buf rw 102400 -- 102400 8192-1048576
    sctp smallest_anon_port rw 32768 -- 32768 1024-65535
    sctp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    # ipadm show-addrprop
    ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    lo0/v4 broadcast r- -- -- -- --
    lo0/v4 deprecated rw off -- off on,off
    lo0/v4 prefixlen rw 8 8 8 1-30,32
    lo0/v4 private rw off -- off on,off
    lo0/v4 reqhost r- -- -- -- --
    lo0/v4 transmit rw on -- on on,off
    lo0/v4 zone rw global -- global --
    nge0/v4 broadcast r- 209.xxx.xxx.255 -- 209.xxx.xxx.255 --
    nge0/v4 deprecated rw off -- off on,off
    nge0/v4 prefixlen rw 25 25 24 1-30,32
    nge0/v4 private rw on on off on,off
    nge0/v4 reqhost r- -- -- -- --
    nge0/v4 transmit rw on -- on on,off
    nge0/v4 zone rw global -- global --
    vnic0/inside broadcast r- 10.4.0.255 -- 10.255.255.255 --
    vnic0/inside deprecated rw off -- off on,off
    vnic0/inside prefixlen rw 24 24 8 1-30,32
    vnic0/inside private rw off -- off on,off
    vnic0/inside reqhost r- -- -- -- --
    vnic0/inside transmit rw on -- on on,off
    vnic0/inside zone rw global -- global --
    tun0/v4 broadcast r- -- -- -- --
    tun0/v4 deprecated rw off -- off on,off
    tun0/v4 prefixlen rw -- -- -- --
    tun0/v4 private rw off -- off on,off
    tun0/v4 reqhost r- -- -- -- --
    tun0/v4 transmit rw on -- on on,off
    tun0/v4 zone rw global -- global --
    ipadm show-ifprop
    IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    nge0 arp ipv4 rw on -- on on,off
    nge0 forwarding ipv4 rw off off off on,off
    nge0 metric ipv4 rw 0 -- 0 --
    nge0 mtu ipv4 rw 1500 -- 1500 68-1500
    nge0 exchange_routes ipv4 rw on -- on on,off
    nge0 usesrc ipv4 rw none -- none --
    nge0 forwarding ipv6 rw off -- off on,off
    nge0 metric ipv6 rw 0 -- 0 --
    nge0 mtu ipv6 rw 1500 -- 1500 1280-1500
    nge0 nud ipv6 rw on -- on on,off
    nge0 exchange_routes ipv6 rw on -- on on,off
    nge0 usesrc ipv6 rw none -- none --
    nge0 group ip rw -- -- -- --
    nge0 standby ip rw off -- off on,off
    vnic0 arp ipv4 rw on -- on on,off
    vnic0 forwarding ipv4 rw on on off on,off
    vnic0 metric ipv4 rw 0 -- 0 --
    vnic0 mtu ipv4 rw 1500 -- 1500 68-1500
    vnic0 exchange_routes ipv4 rw on -- on on,off
    vnic0 usesrc ipv4 rw none -- none --
    vnic0 group ip rw -- -- -- --
    vnic0 standby ip rw off -- off on,off
    tun0 arp ipv4 rw off -- on on,off
    tun0 forwarding ipv4 rw on on off on,off
    tun0 metric ipv4 rw 0 -- 0 --
    tun0 mtu ipv4 rw 1402 -- 1402 68-65515
    tun0 exchange_routes ipv4 rw on -- on on,off
    tun0 usesrc ipv4 rw none -- none --
    tun0 group ip rw -- -- -- --
    tun0 standby ip rw off -- off on,off
    Edited by: user1233039 on Jun 20, 2012 9:18 AM

    I have established a IPSEC VPN tunnel between my remote solaris 11 and office Sonicwall router using Site to Site. Everything works fine if the traffic initiates from the Solaris side. However when I try to ping or any network services like nfs,ssh, samb, etc. on the remote solaris box from our office. The server does NOT respond to the incoming packets but packets are going through the tunnel and appears on the remote end when I do snoop –d tun0 and snoop –I vnic0. What I do notice is that snoop –d vnic0 shows no packets and it doesn’t seem to get any traffic at all (see netstat –rn). Could it be my routing table? Ip zones? Any ideas? I followed the Oracle Documents very carefully and with extra help from other extern Solaris 11 admin sites. I know people would suggest using OpenSwan or OpenVPN but this setup should work.
    Here is the network info on my IPSEC VPN setup. Tunnel is configured in Transport Mode and IPSEC/IKE is working fine.
    Solaris 11 vnic0/10.4.0.1/24, external Internet Nic is nge0/209.xxx.xxx.194/25
    # dladm show-link
    LINK CLASS MTU STATE OVER
    nge0 phys 1500 up --
    tun0 iptun 1402 up --
    vnic0 vnic 1500 up nge0
    # dladm show-iptun
    LINK TYPE FLAGS LOCAL REMOTE
    tun0 ipv4 s- 209.xxx.xxx.194 64.xxx.xxx.34
    # ipadm show-if
    IFNAME CLASS STATE ACTIVE OVER
    lo0 loopback ok yes --
    nge0 ip ok yes --
    vnic0 ip ok yes --
    tun0 ip ok yes --
    # ipadm show-addr
    ADDROBJ TYPE STATE ADDR
    lo0/v4 static ok 127.0.0.1/8
    nge0/v4 static ok 209.xxx.xxx.194/25
    vnic0/inside static ok 10.4.0.1/24
    tun0/v4 static ok 10.4.0.1->172.20.0.1
    lo0/v6 static ok ::1/128
    # netstat -rn
    Routing Table: IPv4
    Destination Gateway Flags Ref Use Interface
    default 209.xxx.xxx.129 UG 6 16874898 nge0
    10.4.0.0 10.4.0.1 U 2 0 vnic0
    10.181.0.0 172.20.0.1 UGS 3 16862235 tun0
    127.0.0.1 127.0.0.1 UH 2 1786 lo0
    172.20.0.1 10.4.0.1 UH 3 16862235 tun0
    Routing Table: IPv6
    Destination/Mask Gateway Flags Ref Use If
    ::1 ::1 UH 2 42 lo0
    # routeadm
    Configuration Current Current
    Option Configuration System State
    IPv4 routing disabled disabled
    IPv6 routing disabled disabled
    IPv4 forwarding disabled disabled
    IPv6 forwarding disabled disabled
    Routing services "route:default ripng:default"
    Routing daemons:
    STATE FMRI
    disabled svc:/network/routing/ripng:default
    disabled svc:/network/routing/rdisc:default
    disabled svc:/network/routing/route:default
    disabled svc:/network/routing/legacy-routing:ipv4
    disabled svc:/network/routing/legacy-routing:ipv6
    online svc:/network/routing/ndp:default
    Solaris># ping 10.181.1.218
    10.181.1.218 is alive
    C:\>ping 10.4.0.1
    Pinging 10.4.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    # snoop -d tun0 10.181.1.218
    Using device tun0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 33) (1 encap)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 34) (1 encap)
    # snoop -I vnic0 10.181.1.218
    Using device ipnet/vnic0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 36)
    10.181.1.218-> 10.4.0.1 -i ICMP Echo request (ID: 1 Sequence number: 37)
    # ipadm show-prop
    PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    ipv4 forwarding rw off off off on,off
    ipv4 ttl rw 255 -- 255 1-255
    ipv6 forwarding rw off -- off on,off
    ipv6 hoplimit rw 255 -- 255 1-255
    ipv6 hostmodel rw weak -- weak strong,
    src-priority,
    weak
    ipv4 hostmodel rw strong strong weak strong,
    src-priority,
    weak
    icmp max_buf rw 262144 -- 262144 65536-1073741824
    icmp recv_buf rw 8192 -- 8192 4096-262144
    icmp send_buf rw 8192 -- 8192 4096-262144
    tcp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    tcp ecn rw passive -- passive never,passive,
    active
    tcp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    tcp largest_anon_port rw 65535 -- 65535 32768-65535
    tcp max_buf rw 1048576 -- 1048576 128000-1073741824
    tcp recv_buf rw 128000 -- 128000 2048-1048576
    tcp sack rw active -- active never,passive,
    active
    tcp send_buf rw 49152 -- 49152 4096-1048576
    tcp smallest_anon_port rw 32768 -- 32768 1024-65535
    tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    udp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    udp largest_anon_port rw 65535 -- 65535 32768-65535
    udp max_buf rw 2097152 -- 2097152 65536-1073741824
    udp recv_buf rw 57344 -- 57344 128-2097152
    udp send_buf rw 57344 -- 57344 1024-2097152
    udp smallest_anon_port rw 32768 -- 32768 1024-65535
    udp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    sctp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    sctp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    sctp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    sctp largest_anon_port rw 65535 -- 65535 32768-65535
    sctp max_buf rw 1048576 -- 1048576 102400-1073741824
    sctp recv_buf rw 102400 -- 102400 8192-1048576
    sctp send_buf rw 102400 -- 102400 8192-1048576
    sctp smallest_anon_port rw 32768 -- 32768 1024-65535
    sctp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    # ipadm show-addrprop
    ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    lo0/v4 broadcast r- -- -- -- --
    lo0/v4 deprecated rw off -- off on,off
    lo0/v4 prefixlen rw 8 8 8 1-30,32
    lo0/v4 private rw off -- off on,off
    lo0/v4 reqhost r- -- -- -- --
    lo0/v4 transmit rw on -- on on,off
    lo0/v4 zone rw global -- global --
    nge0/v4 broadcast r- 209.xxx.xxx.255 -- 209.xxx.xxx.255 --
    nge0/v4 deprecated rw off -- off on,off
    nge0/v4 prefixlen rw 25 25 24 1-30,32
    nge0/v4 private rw on on off on,off
    nge0/v4 reqhost r- -- -- -- --
    nge0/v4 transmit rw on -- on on,off
    nge0/v4 zone rw global -- global --
    vnic0/inside broadcast r- 10.4.0.255 -- 10.255.255.255 --
    vnic0/inside deprecated rw off -- off on,off
    vnic0/inside prefixlen rw 24 24 8 1-30,32
    vnic0/inside private rw off -- off on,off
    vnic0/inside reqhost r- -- -- -- --
    vnic0/inside transmit rw on -- on on,off
    vnic0/inside zone rw global -- global --
    tun0/v4 broadcast r- -- -- -- --
    tun0/v4 deprecated rw off -- off on,off
    tun0/v4 prefixlen rw -- -- -- --
    tun0/v4 private rw off -- off on,off
    tun0/v4 reqhost r- -- -- -- --
    tun0/v4 transmit rw on -- on on,off
    tun0/v4 zone rw global -- global --
    ipadm show-ifprop
    IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    nge0 arp ipv4 rw on -- on on,off
    nge0 forwarding ipv4 rw off off off on,off
    nge0 metric ipv4 rw 0 -- 0 --
    nge0 mtu ipv4 rw 1500 -- 1500 68-1500
    nge0 exchange_routes ipv4 rw on -- on on,off
    nge0 usesrc ipv4 rw none -- none --
    nge0 forwarding ipv6 rw off -- off on,off
    nge0 metric ipv6 rw 0 -- 0 --
    nge0 mtu ipv6 rw 1500 -- 1500 1280-1500
    nge0 nud ipv6 rw on -- on on,off
    nge0 exchange_routes ipv6 rw on -- on on,off
    nge0 usesrc ipv6 rw none -- none --
    nge0 group ip rw -- -- -- --
    nge0 standby ip rw off -- off on,off
    vnic0 arp ipv4 rw on -- on on,off
    vnic0 forwarding ipv4 rw on on off on,off
    vnic0 metric ipv4 rw 0 -- 0 --
    vnic0 mtu ipv4 rw 1500 -- 1500 68-1500
    vnic0 exchange_routes ipv4 rw on -- on on,off
    vnic0 usesrc ipv4 rw none -- none --
    vnic0 group ip rw -- -- -- --
    vnic0 standby ip rw off -- off on,off
    tun0 arp ipv4 rw off -- on on,off
    tun0 forwarding ipv4 rw on on off on,off
    tun0 metric ipv4 rw 0 -- 0 --
    tun0 mtu ipv4 rw 1402 -- 1402 68-65515
    tun0 exchange_routes ipv4 rw on -- on on,off
    tun0 usesrc ipv4 rw none -- none --
    tun0 group ip rw -- -- -- --
    tun0 standby ip rw off -- off on,off
    Edited by: user1233039 on Jun 20, 2012 9:18 AM

  • L2TP/IPSec with PIX using EAP-TLS

    Hi,
    i have big problems with using my PIX515 (SW 7.2.1) for L2TP/IPSec VPN-Connections using EAP-TLS. With the option EAP-Proxy activated on PIX a RADIUS Access-Request Message reaches the configured RADIUS-SERVER (IAS2003), but the request is rejected by Radius. I did inspection of the packets with a sniffer and see following strange behavior:
    - There is a Tunnel-Client-Endpoint AVP with no value and, even stranger, an existing AVP titled User-Password with an encrypted value.
    I dont understand where the encrypted Password comes from in the first RADIUS Access-Request message received from the PIX, since the authentication method should be certificate-based (EAP-TLS). And I dont know either if the Tunnel-Client-Endpoint MUST be present in the message. Fact is the RADIUS responds with an Access-Reject Message.
    The other AVPs in the request seem to be OK, and there is an existend AVP titled EAP-Message (79) that seems alright...
    Other detail: In the event log on the IAS the request is logged as Type "PAP" (and not EAP as it should be!) and the log tells me about a problem with wrong username/password.
    Tested the same client and Radius configuration using a RRAS-Server from Microsoft instead of the PIX and it worked fine! Could this be a bug of the Pix EAP-Proxy function?
    EAP-Proxy should pass all EAP packets unmodified to the Radius, right? This seems not to be the case. Comparing the RADIUS Access-Request Message received from the Pix (which fails) with the RADIUS Access-Request Message received from the RRAS-Server (which successes) shows significant differences.
    Every help appreciated. Please ask me for further infos if needed or if you would like me to post the Packet Capture file (Ethereal format)/Configuration information.
    Thank you very much!!
    Best regards,
    Matthias

    The Cisco Secure PIX Firewall Software Release 6.0 supports VPN connections from the Cisco VPN Client 3.5 for Windows.Refer the following URL for more information
    http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml#configuringthepixfirewall

  • RVL200 Ipsec VPN Problems

    Hello Experts,
    I managed to establish an Ipsec VPN connetion with 2 RVL200s between 2 Locations. So far so good.
    It is possible to access network a form network b with WinXP PCs, but it is not possible to reach network a with Win7 PCs.
    Whereelse it is possible to reach network b from network a from either type of windows pc.
    And when you ping from the RVL200 (on both sides) to the other net you always get no replys to your ping.
    Settings on both RVL200s are equal, except for that one is going over ADSL (network a) and the other is behind a cable modem (network b).
    I have de-activated Firewalls, no change. Routing Tables look fine for me. IPv6 is de-activated in Win7 PCs. I have added static routes, no change.
    Does anyone know where else I could look for a solution?
    Many Thanks in advance.
    J. Radix

    Josef,
    You state that you can reach from both sides of the routers and ping xp machines but not windows 7 machines?  The router won't be restricting traffic based on operating systems on the lan, so I would look at possible firewalls on the windows 7 machines, anti-virus, nortons, anything that does packet inspection. 

  • Macbook clients cannot connect to Windows Server 2008 RRAS with L2TP/IPSec

    Hi everyone,
    I had installed "Remote and Routing Access" or a VPN server on Windows Server 2008. The connection type set up is L2TP/IPSec. All the Windows clients can connect to the L2TP/IPSec VPN server without problem but Macbook users are facing problem.
    The Macbook users got the error message "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."
    I think it is something related to the pre-shared key encryption but I am not sure. The Macbook users could connect if the connection type is changed to PPTP on server and clients side. I searched for similar problems and solutions online but no luck, I couldn't find solution that helps. I found this is a common problem faced by many macbook users.
    Does anyone have a solution or suggestion for this, please? I appreciate all the helps and suggestion given.
    Thanks,
    CK

    Hi,
    Thanks for the question, however, this forum is for Remote Desktop Clients related questions.
    Regarding the issue, as Windows clients can connect with no problem, I suspect that it is a Mac side issue and I would like to suggest you contact Apple support for help.
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • IPSec VPN & wierd ping issue

    Hi,
    I have a RVS4000 at one location and a second RVS4000 at home.  I have established an IPSec VPN tunnel between them and it is UP.  I can ping the routers from each end no problem.  I can ping  the IPs listed in the "Local Group Setup" and the "Remote Group Setup" from both ends no problem.  I can even open up a shared resource from a Win 7 machine (e.g. by typing \\10.10.10.100\ in start-run from a computer on my home network).
    But - i can't ping anything else on one network from the other.  What gives?  I need to access a 10.10.10.101 machine but can't even ping it.
    - both RVS4000 boxes have latest firmware (V1.3.3.5)
    - home RVS4000 setup with IP 10.10.11.1
    - home network has a server with IP 10.10.11.20
    - other location RVS4000 setup with IP 10.10.10.1
    - other location server setup with IP 10.10.10.100
    Tunnel settings on home RVS4000 (the other location properly mirror these).
      - Local Security Gateway Type :  IP Only
      - Local Security Group Type : Subnet
      - IP Address : 10.10.11.20
      - Subnet Mask : 255.255.255.0
      - Remote Security Gateway Type : IP Only
      - Remote Security Group Type : Subnet
      - IP Address : 10.10.10.100
      - Subnet Mask :  255.255.255.0
    thanks,
    rwpatterson357

    hi
    Just out of interest, what happens when you change the following;
    Tunnel settings on home RVS4000 (the other location properly mirror these).
      - Local Security Gateway Type :  IP Only
      - Local Security Group Type : Subnet
      - IP Address : 10.10.11.20
      - Subnet Mask : 255.255.255.0
      - Remote Security Gateway Type : IP Only
      - Remote Security Group Type : Subnet
      - IP Address : 10.10.10.100
      - Subnet Mask :  255.255.255.0
    to
    Tunnel settings on home RVS4000 (the other location properly mirror these).
      - Local Security Gateway Type :  IP Only
      - Local Security Group Type : Subnet
      - IP Address : 10.10.11.0
      - Subnet Mask : 255.255.255.0
      - Remote Security Gateway Type : IP Only
      - Remote Security Group Type : Subnet
      - IP Address : 10.10.10.0
      - Subnet Mask :  255.255.255.0
    regards Dave

  • Windows Mobile 5.0 L2TP/IPSec native VPN to 3030

    Has anyone successfully setup a VPN using the built in VPN client in Windows Mobile 5.0 to a Cisco 3030? I am running into problems but have no idea why. I followed chapter 13 of "The Complete Cisco VPN Configuration Guide" from Cisco Press, to configure the L2TP/IPSec for Windows Client software, but still no luck. I would much rather use the native software from Windows Mobile rather than purchase a 3rd party app. Any help or reference's are greatly appreciated. Thanks in advance!

    Windows Mobile user 5.0 doesnt work with cisoc 3030. Mobile client requests a domain name on the credentials, which seems to be as "not valid" on the concentrator.

Maybe you are looking for

  • Weblogic server is not responding when executing pl/sql procedure from jdev

    Dear Sir, i am using jdeveloper11g and oracle database with oracle spatial and i wrote procedure in database and executed perfect from sql plus but same procedure when i am trying to execute from jdeveloper its like hanging and giving following error

  • Slow to navigate - only initially

    I'm having a unique problem with my new iMac. When I open a new browser instance, it loads my home page fine. However, when I try to navigate somewhere else, there is an extended delay. This delay is only there for the first 1 or 2 sites I try to hit

  • Can i user UserTransaction  in a Container-managed transaction Bean

    can i use UserTransaction to control transaction boundaries in a container-managed transaction bean method? below is the method: there is one-to-many between Employees and SalaryItem @TransactionAttribute(value = TransactionAttributeType.REQUIRED) pr

  • Need to Block storage location through physical inventory process

    Hello My client want to Block few storage locations not through authorisation objects but using physical inventory process. can this be achieved through any configuration settings so that when we run physical count the SLoc blocks till the count comp

  • How much longer will iPad 3s be good

    I Have a 2012 iPad 3 and it still works fine for me, and I updated it to iOS 7. But when will it become obsolete for software upgrades? I've put off buying a MacBook Air since  if I'll have to retire my iPad within the next year, I figure I'll purcha