VPN WRVS4400N problem

Hi, I have a WRVS4400N at home. Before I updated the firmware on my router I was able to establish a VPN with my friend. I did a reset to factory default as included in the firmware note. Here is my current VPN config:
WRVS4400N (client of vpn)
local group setup
---gateway type: IP only
---IP: XXX XXX XXX XXX (yeah censored)
---local security group: subnet
---IP address: 192.168.3.1
---subnet mask 255.255.255.0
remote group setup
---gateway type: IP only
---IP address: XXX XXX XXX XXX (again censored)
---remote security type: subnet
---IP address: 192.168.2.0
---subnet mask: 255.255.255.0
IPsec setup
---keying mode: IKE with preshared key
Phase1
---Encryption: 3DES
---Authentication: SHA1
---Group: 768 bit
---key lifetime: 3600 Sec.
Phase2
---encryption: 3DES
---Authentication: SHA1
---Perfect forward secrecy: Disable
---Preshared key: (censored)
---group: 768-bit
---key lifetime: 3600 sec.
my friend BEFVP41 (host of vpn)
local security group:
---subnet IP: 192.168.2.0
---mask: 255.255.255.0
remote secure group:
---subnet IP: 192.168.3.1
---mask: 255.255.255.0
remote security gateway: Any
---encryption: 3DES
---Authentication: SHA
---key management: Auto.(IKE)
---PFS: Not selected
---pre-shared key (censored)
---key lifetime 3600 sec.
Too bad the VPN log isn't verbose enough. I can't figure out why I can't establish a VPN link. Thanks.
Message Edited by sebas on 02-08-2008 09:32 PM

Any hints, please? Also, when is the next firmware release planned?
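A site-to-site tunnel only comes up when each side's local group mirrors the other side's remote group and the proposals agree. The following is an added example, not part of the original post and not vendor code: it runs that comparison over the values posted above (the function names and finding labels are made up for the example). Whether a given router masks off host bits in a subnet entry by itself is implementation-dependent, so the check reports them rather than assuming.

```python
import ipaddress

# Values transcribed from the two configurations in the post above.
# None means the post does not show that setting for that device.
WRVS4400N = {
    "local": ("192.168.3.1", "255.255.255.0"),
    "remote": ("192.168.2.0", "255.255.255.0"),
    "encryption": "3DES", "authentication": "SHA1",
    "pfs": False, "dh_group": "768-bit", "lifetime": 3600,
}
BEFVP41 = {
    "local": ("192.168.2.0", "255.255.255.0"),
    "remote": ("192.168.3.1", "255.255.255.0"),
    "encryption": "3DES", "authentication": "SHA",
    "pfs": False, "dh_group": None, "lifetime": 3600,
}

# Different labels the two web interfaces use for the same algorithm.
ALIASES = {"SHA": "SHA1", "SHA-1": "SHA1"}
# Parameters generally regarded as too weak for new tunnels.
WEAK = {"encryption": {"DES", "3DES"}, "dh_group": {"768-BIT"}}


def selector(addr, mask):
    """Return (network, host_bits_set) for an address/mask pair."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    return iface.network, iface.ip != iface.network.network_address


def norm(value):
    """Upper-case string settings and fold known aliases together."""
    if isinstance(value, str):
        value = value.upper()
        return ALIASES.get(value, value)
    return value


def compare(a_name, a, b_name, b):
    """Return a list of (kind, detail) findings for two peer configs."""
    findings = []
    # Each side's local group must equal the other side's remote group.
    for side_a, side_b in (("local", "remote"), ("remote", "local")):
        net_a, host_a = selector(*a[side_a])
        net_b, host_b = selector(*b[side_b])
        if net_a != net_b:
            findings.append(("selector-mismatch",
                             f"{a_name} {side_a} {net_a} != {b_name} {side_b} {net_b}"))
        for name, side, net, host, raw in (
            (a_name, side_a, net_a, host_a, a[side_a]),
            (b_name, side_b, net_b, host_b, b[side_b]),
        ):
            if host:
                findings.append(("host-bits",
                                 f"{name} {side} group {raw[0]} is a host address; subnet is {net}"))
    # Proposal parameters must agree on both peers.
    for key in ("encryption", "authentication", "pfs", "dh_group", "lifetime"):
        va, vb = norm(a[key]), norm(b[key])
        if va is None or vb is None:
            findings.append(("not-shown", f"{key} is not shown for one peer"))
        elif va != vb:
            findings.append(("proposal-mismatch", f"{key}: {va} vs {vb}"))
        for name, value in ((a_name, va), (b_name, vb)):
            if value in WEAK.get(key, ()):
                findings.append(("weak", f"{name} {key} {value}"))
    return findings


if __name__ == "__main__":
    for kind, detail in compare("WRVS4400N", WRVS4400N, "BEFVP41", BEFVP41):
        print(f"{kind:18} {detail}")
```
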

Similar Messages

  • Out of ideas diagnosing VPN connection problems

    I'm having trouble narrowing down what's causing the VPN connection problems to my new Mini Server. Sometimes I can connect just fine with my MacBookPro and use all the resources like file sharing, etc. So, this leads me to believe it has been set up correctly. But then, for no reason at all (maybe it's later in the same day, or a completely different day) it will just stop working and I cannot connect at all.
    *MacBook and iMac at home cannot connect, but iPhone can*
    This is what's really throwing me off. This afternoon, I cannot connect to the server from home with my MacBook or my iMac. BUT, my iPhone can -using the same WiFi network my computers are on, not the cellular network. How could that be? The VPN settings on all 3 devices match exactly.
    *Colleagues with other ISPs can connect, while I cannot*
    I've called Comcast business (which provides the static IP for our office server) and they tell me all my settings are correct for allowing VPN traffic through. Likewise, Comcast Residential tells me there is nothing that would block VPN traffic from my home. They tell me to talk with Apple. argh!
    *Web and Server Admin services are still accessible when VPN is not working*
    We have exposed the Server's Web and Admin services without needing a VPN connection to access them. Since these services are accessible to me even when the VPN is not working, this leads me to believe the server is operating normally and capable of receiving incoming traffic.
    I'm out of ideas and I'm starting to lose my mind!!! Any ideas on why my 2 computers sometimes can connect, yet sometimes cannot...all the while, my iPhone can connect just fine over the same network???

    I don't have an explanation for the erratic nature of your connections. It's only as I've said before, in my experiences with such problems it has always traced back to misconfigured network or DNS settings. mDNS is multicast DNS and it's a protocol Apple uses so its devices can find each other easily. That may be the reason why your iPhone can connect when other things can't.
    To take a step back, here is how I think things should be set up:
    - Your dedicated IP address should be assigned to your router automatically through PPPoE
    - The name servers as set in your router should be your ISP's name servers
    - Make sure the server has only one connection to the router that is managing the dedicated IP, either wired or wireless, but not both
    - A static network address should be assigned to your server's MAC address in the router's DHCP settings
    - The server's network address should be put in the DMZ on the router or set as the default server in the NAT settings, depending on the router
    - The network settings in System Preferences on the server should be set to DHCP with manual address and the server's network address entered correctly
    - The router address should be listed correctly in the network settings in System Preferences on the server
    - The name servers in the network settings in System Preferences on the server should be 127.0.0.1 and the router's IP address, nothing else.
    - The zone files on the server should have a primary and reverse zone for each domain name and its network address. Do not use the dedicated IP address in the zone files on the server.
    If everything is set as I described, it should work. If it doesn't, it's time to call a witch doctor or an exorcist.

  • Can't connect VPN WRVS4400N to Cisco800

    Hello,
    I'm connected from home to my office in VPN. The office router is a Cisco800.
    I just replaced at home my BEFSX41 VPN router with the WRVS4400N V2 but I can't connect to my office.
    There was no problem with the BEFSX41 in VPN, and I encoded the same configuration in the WRVS4400N. The status stays DOWN...
    This is the VPN log:
    Mar  8 09:35:04  - [VPN Log]: "dvc": terminating SAs using this connection
    Mar  8 09:35:04  - [VPN Log]: "dvc" #1: deleting state (STATE_MAIN_I3)
    Mar  8 09:35:08  - [VPN Log]: "dvc" #2: initiating Main Mode
    Mar  8 09:35:08  - [VPN Log]: "dvc" #2: received Vendor ID payload [RFC 3947] method set to=109
    Mar  8 09:35:08  - [VPN Log]: "dvc" #2: enabling possible NAT-traversal with method 3
    Mar  8 09:35:08  - [VPN Log]: "dvc" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
    Mar  8 09:35:08  - [VPN Log]: "dvc" #2: STATE_MAIN_I2: sent MI2, expecting MR2
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: received Vendor ID payload [Cisco-Unity]
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: received Vendor ID payload [Dead Peer Detection]
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: ignoring unknown Vendor ID payload [64049a064ce182734231be596e3f231c]
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: received Vendor ID payload [XAUTH]
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: I did not send a certificate because I do not have one.
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: NAT-Traversal: Result using 3: peer is NATed
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: STATE_MAIN_I3: sent MI3, expecting MR3
    Mar  8 09:35:09  - [VPN Log]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.254.2'
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: we require peer to have ID '91.183.hidden*.hidden*', but peer declares '192.168.254.2'
    Mar  8 09:35:09  - [VPN Log]: "dvc" #2: sending encrypted notification INVALID_ID_INFORMATION to 91.183.hidden*.hidden*:4500
    *Hidden by me
    It seems something is blocking...
    What is "but peer declares '192.168.254.2'"?
    Any ideas?
    Thank you.
    Pierre

    Andrea:
    How can we help you with this in the wireless forums?
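The rejection in the log above can be picked out mechanically. This is an added example, not part of the original post and not router firmware code: it parses lines in the log format shown there, tracks each negotiation by connection name and SA number, and classifies the failure. The function names and result labels are made up for the example.

```python
import ipaddress
import re

# Lines copied from the VPN log in the post above (addresses as masked by the poster).
SAMPLE_LOG = '''\
Mar  8 09:35:04  - [VPN Log]: "dvc": terminating SAs using this connection
Mar  8 09:35:04  - [VPN Log]: "dvc" #1: deleting state (STATE_MAIN_I3)
Mar  8 09:35:08  - [VPN Log]: "dvc" #2: initiating Main Mode
Mar  8 09:35:08  - [VPN Log]: "dvc" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar  8 09:35:09  - [VPN Log]: "dvc" #2: NAT-Traversal: Result using 3: peer is NATed
Mar  8 09:35:09  - [VPN Log]: "dvc" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar  8 09:35:09  - [VPN Log]: | protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
Mar  8 09:35:09  - [VPN Log]: "dvc" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.254.2'
Mar  8 09:35:09  - [VPN Log]: "dvc" #2: we require peer to have ID '91.183.hidden*.hidden*', but peer declares '192.168.254.2'
Mar  8 09:35:09  - [VPN Log]: "dvc" #2: sending encrypted notification INVALID_ID_INFORMATION to 91.183.hidden*.hidden*:4500
'''

LINE = re.compile(r'\[VPN Log\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE = re.compile(r"transition from state (\S+) to state (\S+)")
ID_MISMATCH = re.compile(r"we require peer to have ID '([^']*)', but peer declares '([^']*)'")
NOTIFY = re.compile(r"sending encrypted notification (\S+) to")


def is_private(text):
    """True/False for a parseable IP address, None for masked or non-IP IDs."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return None


def analyse(log_text):
    """Collect per-negotiation facts, keyed by (connection name, SA number)."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if m is None:
            continue  # lines that carry no connection name and SA number
        s = sessions.setdefault((m["conn"], int(m["sa"])), {
            "last_state": None, "peer_natted": False,
            "expected_id": None, "declared_id": None, "notify": None,
        })
        msg = m["msg"]
        if (t := STATE.search(msg)):
            s["last_state"] = t.group(2)
        elif "peer is NATed" in msg:
            s["peer_natted"] = True
        elif (i := ID_MISMATCH.search(msg)):
            s["expected_id"], s["declared_id"] = i.group(1), i.group(2)
        elif (n := NOTIFY.search(msg)):
            s["notify"] = n.group(1)
    return sessions


def diagnose(s):
    """Classify one negotiation; None means no ID rejection was logged."""
    if s["expected_id"] is None:
        return None
    # A peer behind NAT that identifies itself by IP address presents its
    # inside address, which cannot equal the public address it is reached on.
    if s["peer_natted"] and is_private(s["declared_id"]):
        return "peer-behind-nat-declares-private-id"
    return "peer-id-mismatch"


if __name__ == "__main__":
    for (conn, sa), s in analyse(SAMPLE_LOG).items():
        print(conn, sa, s["last_state"], s["notify"], diagnose(s))
```

When this classification appears, the ID the local side expects and the ID the peer sends have to be brought into agreement on one end or the other; the pre-shared key and proposals are not what failed.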

  • Remote access vpn ESP problem

    I have remote access VPN configured on a Cisco 2901 router. Everything works well except the iPad 2 3G. When I connect with the iPad from the 3G network, it connects but is unable to access corporate resources. I talked to my telephone provider and they told me that they have some NAT problems with ESP, and advised me to force VPN clients to use UDP ports 500 and 4500. How do I have to configure my router to accomplish this?
    Thanks in advance

    Hello,
    ISAKMP uses UDP port 500 for the management connection establishment (Phase 1).
    NAT-T (used when there are NAT devices in between two VPN endpoints) uses UDP port 4500.
    So on your router NAT-T is configured by default; all you have to do, if you have an ACL on the outside interface, is allow this traffic (ISAKMP and NAT-T). On some of the newer IOS versions you do not have to apply the ACL, as by default the VPN traffic (encrypted traffic) bypasses the ACL.
    So your requirement is done by default, great thing right!! You can let your telephone provider know you are ready for the test.
    Julio
    Do rate all helpful posts!!

  • VPN connection problem

    I am currently unable to connect to my VPN server with either of 2 Lion machines, a 2010 white MacBook and a black MacBook. I run iVPN (L2TP) on an old PPC Mac Mini; my iPhone and iPad still connect instantly. When the Lion machines try to connect, they try for about a minute and fail, returning "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator." I currently have my router set up to port forward and use a dynamic DNS. I tried connecting straight to the VPN directly by changing to the internal LAN IP, still no luck. Any suggestions?

    I've been out of my SonicWall VPN since I upgraded to Lion last week.  Found a trick and succeeded.  I had to reconfigure the settings on the Sonicwall and make sure that the phase 1 and phase 2 authentications were using AES encryption rather than 3DES.
    That did the trick and I was back in.
    Of course now my 10.6.8 clients are out - I'll post more on that front if I figure it out.

  • Vpn authentication problem

    I have 2 AD accounts in 2 domains, Singapore and China. Both domains are under 1 forest. The problem is that when I used Cisco VPN to connect to the Singapore firewall but used the China AD account and password, authentication failed. But when I used Cisco VPN to connect to the China firewall but used the Singapore AD account and password, authentication works. Why? Please help, and thanks.

    Muhammad,
    I think you have an issue with your AD search order....try adding the domain OU prefix with a "\" then the username i.e:-
    domain\username
    HTH.

  • VPN tunnel Problem

    Hi all ,
    I need to create VPN tunnels between two ASA devices, and these devices are connected through DSL. As you know, in this case we use a private outside IP address, because there is a NAT device on the outside. The problem is that no VPN tunnel is created even though all the parameters and the pre-shared key are typical.

    I have already configured the following configuration.
    no crypto map newmap interface outside
    no crypto map newmap 171 set peer 195.11.199.144
    no isakmp key ********* address 195.11.199.144 netmask 255.255.255.255 no-xauth no-config-mode
    crypto map newmap 171 set peer 195.11.204.5
    isakmp key ******** address 195.11.204.5 netmask 255.255.255.255 no-xauth no-config-mode
    clear crypto ipsec sa
    clear crypto isakmp sa
    crypto map newmap interface outside
    Settings were applied successfully; however, the VPN tunnel is still not being initiated.

  • VPN Communication Problem

    I have created a working VPN between a remote PC with Cisco VPN Client and Easy VPN server on Cisco 1802 (DSL). The router has a dynamic external IP and is accessible over DynDNS. The problem is not the VPN connection, but the communication between the remote PC and the LAN behind the router.
    Ping functions to all devices on the LAN
    telnet 25 functions
    DNS functions
    Access to shares is taking ages, functions then sometimes, usually runs it into a Timeout
    HTTP is taking ages and breaks then
    Remotedesktop to a 2k server breaks
    Remotedesktop to a 2k3 server opens the server window, but before the login mask breaks
    Application Security Log of the SDM:
    JAN 16 14:09:35.902 PC Time DROP PKT Dropping tcp pkt 192.168.121.15:80 => 192.168.122.5:4293
    JAN 16 14:11:35.662 PC Time DROP PKT Dropping tcp pkt 192.168.122.5:4302 => 192.168.121.15:3389
    Any ideas what's wrong with the config?

    Hi there,
    I see some issues here:
    1. Increase the value in the command:
    ip tcp synwait-time 10
    2. Remove following command from the interface Dialer0 config:
    ip route-cache flow
    3. On the VPN client PC, open the SetMTU utility (in the VPN client folder) and set the MTU on the interface to 1300.
    Start the above steps and test after each.
    Please rate if this helped.
    Regards,
    Daniel

  • VPN CLIENT PROBLEM

    Hi
    I have a problem with ping in the VPN client.
    In this scenario, the VPN client should be able to ping PC-4 through ASA-1 (Site-A), but it could not.
    The router is able to ping Z.Z.Z.0/24.
    The Tunnel and VPN client are working.
    1. PC-1 can connect to ASA-1 and ping Network 20.20.0.0/16 and 10.10.10.0/24 but cannot ping PC-4.
    2. PC-2 can ping PC-1 and PC-3 but cannot ping PC-4.
    3. If PC-3 gateway be 10.10.10.1 , It can ping Z.Z.Z.2.
    4. If PC-3 gateway be 10.10.10.20 , It cannot ping Z.Z.Z.2.
    5. ASA-1 can ping ASA-2 and 10.10.10.1/24 but cannot ping Z.Z.Z.2.
    6. ASA-2 can ping ASA-1 and Z.Z.Z.2.
    This is my config on ASA-1 and ASA-2:
    hostname ASA-1
    interface G0/0
    nameif Outside
    security-level 0
    ip address x.x.x.1 255.255.255.224
    NO SHUT
    interface G0/3
    nameif Inside
    security-level 100
    ip address 20.20.0.1 255.255.0.0
    NO SHUT
    route Outside 0.0.0.0 0.0.0.0 x.x.x.2 1
    object-group network DM_INLINE_NETWORK_1
    network-object 10.10.10.0 255.255.255.0
    network-object 20.20.0.0 255.255.0.0
    network-object z.z.z.0 255.255.255.0
    ip local pool ATA 20.20.0.20-20.20.20.255 mask 255.255.0.0
    access-list 100 extended permit icmp any any
    access-group 100 in interface Outside
    global (Outside) 1 interface
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 1
    lifetime 86400
    crypto isakmp policy 20
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp enable Outside
    tunnel-group y.y.y.1 type ipsec-l2l
    tunnel-group y.y.y.1 ipsec-attributes
    pre-shared-key 1234
    group-policy ATA internal
    group-policy ATA attributes
    vpn-tunnel-protocol IPSec
    username TEST password TEST privilege 0
    username TEST attributes
    vpn-group-policy ATA
    tunnel-group ATA type remote-access
    tunnel-group ATA general-attributes
    address-pool ATA
    default-group-policy ATA
    tunnel-group ATA ipsec-attributes
    pre-shared-key 1234
    access-list Outside_1_Cryptomap extended permit ip 20.20.0.0 255.255.0.0 z.z.z.0 255.255.255.0
    access-list Outside_1_Cryptomap extended permit ip 20.20.0.0 255.255.0.0 10.10.10.0 255.255.255.0
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map Outside_map 1 set pfs group1
    crypto map Outside_map 1 set peer y.y.y.200
    crypto map Outside_map 1 match address Outside_1_Cryptomap
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map 1 set security-association lifetime kilobytes 10000
    crypto map Outside_map interface Outside
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group2
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA
    crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    access-list Inside_nat0_Outside extended permit ip 20.20.0.0 255.255.0.0 10.10.10.0 255.255.255.0
    access-list Inside_nat0_Outside extended permit ip 20.20.0.0 255.255.0.0 z.z.z.0 255.255.255.0
    access-list Inside_nat0_Outside extended permit ip object-group DM_INLINE_NETWORK_1 20.20.0.0 255.255.224.0
    nat (Inside) 0 access-list Inside_nat0_Outside
    nat (Inside) 1 0.0.0.0 0.0.0.0
    policy-map global_policy
    class inspection_default
      inspect icmp
    same-security-traffic permit intra-interface
    management-access Inside
    hostname ASA-2
    interface E0/0
    nameif Outside
    security-level 0
    ip address y.y.y.1 255.255.255.192
    NO SHUT
    interface E0/3
    nameif Inside
    security-level 100
    ip address 10.10.10.20 255.255.255.0
    NO SHUT
    route Outside 0.0.0.0 0.0.0.0 y.y.y.2 1
    route Inside z.z.z.0 255.255.255.0 10.10.10.1 1
    access-list 100 extended permit icmp any any
    access-group 100 in interface Outside
    global (Outside) 1 interface
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 1
    lifetime 86400
    crypto isakmp enable Outside
    tunnel-group x.x.x.1 type ipsec-l2l
    tunnel-group x.x.x.1 ipsec-attributes
    pre-shared-key 1234
    access-list Outside_1_Cryptomap extended permit ip 10.10.10.0 255.255.255.0 20.20.0.0 255.255.0.0
    access-list Outside_1_Cryptomap extended permit ip z.z.z.0 255.255.255.0 20.20.0.0 255.255.0.0
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map Outside_map 1 set pfs group1
    crypto map Outside_map 1 set peer x.x.x.1
    crypto map Outside_map 1 match address Outside_1_Cryptomap
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map 1 set security-association lifetime kilobytes 10000
    crypto map Outside_map interface Outside
    access-list Inside_nat0_Outside extended permit ip 10.10.10.0 255.255.255.0 20.20.0.0 255.255.0.0
    access-list Inside_nat0_Outside extended permit ip z.z.z.0 255.255.255.0 20.20.0.0 255.255.0.0
    nat (Inside) 0 access-list Inside_nat0_Outside
    nat (Inside) 1 0.0.0.0 0.0.0.0
    policy-map global_policy
    class inspection_default
      inspect icmp
    same-security-traffic permit intra-interface
    management-access Inside
    Regards

    Hi,
    My suggestion to your puzzle  is to  either load your ASDM real time log and observe the logs while one host tries to ping each other and take notes on the log , this should provide you with  information  and some clues on what the issue could be.  You may also try  to packet capture in ASA-2  , either way,  I would start with easiest one which is  realtime log on ASDM.
    Could you provide the following:
    1 - Post output of    c:\ipconfig /all    from PC-4  z.z.z.2/24
    2 - Post output of     show ip route     from Router   where PC-4 subnet is routed from
    Regards

  • VPN / NAT Problem

    Hi, I have quite a complex (to explain) VPN problem. I've built a model in GNS3 but I still can't get it to work. Here is the topology:
    1. SiteW is the main site. If W-Client wants to talk to S-Client (on SiteS), the traffic is simply NATted to 106.200.194.240 and sent there (this works fine).
    2. SiteB is a new site. I've set that up with a site-to-site VPN; that works fine.
    New Requirement
    If a user at SiteB wants to Talk to a Client at SiteS, then the traffic should go over the existing VPN to W-FW1 then get decrypted and routed there. This is the bit I CANNOT despite HOURS of tweaking and testing get to work.
    What I've done
    On W-FW2
    Added Site S to the existing interesting traffic ACL and added a 'NO NAT' for it like so;
    object network S-CLIENTS
    subnet 65.253.1.0 255.255.255.0
    access-list VPN-INTERESTING-TRAFIC extended permit ip object B-CLIENTS object S-CLIENTS
    nat (inside,outside) source static B-CLIENTS B-CLIENTS destination static S-CLIENTS S-CLIENTS
    On W-FW1
    Added Site S to the existing interesting traffic ACL and added a 'NO NAT' for it like so;
    object network S-CLIENTS
    subnet 65.253.1.0 255.255.255.0
    access-list VPN-INTERESTING-TRAFIC extended permit ip object S-CLIENTS object B-CLIENTS
    nat (inside,outside) source static S-CLIENTS S-CLIENTS destination static B-CLIENTS B-CLIENTS
    At this point packet tracer said the traffic was being blocked by ACL so I added
    access-list inbound extended permit ip object B-CLIENTS object S-CLIENTS
    access-list inbound extended permit icmp object B-CLIENTS object S-CLIENTS
    access-group inbound in interface outside
    Now Packet Tracer was happy, Still B-Client Cannot Ping S-Client!
    W-FW1 can ping S-Client
    Attempting to ping S-Client from B-Client brings up the tunnel (phase 1 and 2) but no traffic ever travels BACK to B-Client.
    Running Wireshark on the 106.200.194.1 interface of S-FW1 whilst attempting to ping 65.253.1.10 from S-FW1 shows traffic (as expected), but if I ping from B-Client it gets nothing (so I'm assuming the traffic never gets out of W-FW1).
    Help!

    First check if the packet from the S client is making it back to the W-F1. 
    Configure Captures on the interface that is connected to the 106.200.194 subnet. 
    #cap capin interface <interface name> match ip host <sclient ip> host <bclient ip>
    #show cap capin
    Capture is bidirectional. Hence no need to enable it in the opposite direction.
    If the packet is seen coming back from the  Sclient and still not getting encrypted then do asp drop capture to see if the ASA is dropping it
    #capture asp type asp-drop all
    send the traffic.
    #show cap asp | in <Sclient IP>
    If the packet is seen in this capture then the ASA is dropping it.
    Then do a packet tracer to see why it is dropping it.
    #packet-t input <Sclient connected interface name> icmp <sclient IP> 8 0 <b client IP> det.
    Check why the packet is dropping.
    If the capin capture does not see the reply packet, then check the reply path and routing.

  • VPN (PPTP) problem

    Hi
    I have a weird VPN problem on my MacBook. I'm trying to connect to a Windows 2000 Server through VPN dialup (PPTP). It connects, and it seems like I'm getting an IP, but I cannot access anything on the network.
    VPN dialup works fine from my iMac, so I know it's not a server issue.
    Any one have any suggestions?
    Thanks

    I had this issue too.
    I don't know much about this sort of thing, but my network admin makes me go to terminal every time and enter this in
    sudo route add 10.10.0.0/16 10.10.7.1

  • ASA5505 - SG300 VPN site2site problem

    Hello,
    I have a problem with a site2site VPN between a SG300 and an ASA5505. On the SG300 we have two internal connected networks, the second one is an alias. The VPN goes up and works correctly for hours or even for days. Then I don't know why, for some reason, the VPN is up but works only for one of the two networks. When the users try to connect I get this error on the ASA:  ASA-7-710006: ESP request discarded from SG300PubblicInterface to outside:ASAPubblicInterface. To solve this problem I have to restart the VPN or make a ping from the ASA's LAN to the SG's LAN that isn't working. We have other VPNs on both firewalls that work correctly. ASA's Software Version is 8.0(3). I saw that I'm not the only one having this problem but nobody found the right answer...

    Hi Vinay,
    As per your below config
    crypto map vpnmap 10 match address vpnfr
    crypto map vpnmap 10 set peer 193.242.9.126
    crypto map vpnmap 10 set transform-set myvpn
    crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
    crypto map vpnmap 30 match address vpnsing
    crypto map vpnmap 30 set peer 203.126.186.226
    crypto map vpnmap 30 set transform-set myvpn2
    crypto map vpnmap 40 match address vpnbl
    crypto map vpnmap 40 set peer 61.8.153.122
    crypto map vpnmap 40 set transform-set myvpn2
    crypto map vpnmap 50 match address vpnde
    crypto map vpnmap 50 set peer 61.8.129.170
    crypto map vpnmap 50 set transform-set myvpn2
    crypto map vpnmap interface outside
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs
    crypto map outside_map 1 set peer 193.242.9.126
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    vpnmap is your original crypto map; if this is the crypto map, it's applied to the outside interface, which is correct.
    Now if you have added a new crypto map, say "outside_map", it's not going to work, as we can only apply one crypto map per interface. I don't see any redundant ISP in the config, so I suppose the crypto map "outside_map" might be the newly added crypto map. If that is true, please try the config changes below and let me know if it helps.
    =============================================================
    crypto map vpnmap 60 match address outside_1_cryptomap <<<<
    crypto map vpnmap 60 set pfs  <<<<<<<<<<<<<<<<<<<<<<<<<
    crypto map vpnmap 60 set peer 193.242.9.126
    crypto map vpnmap 60 set transform-set ESP-3DES-SHA
    ===============================================================
    Make sure the crypto ACL "outside_1_cryptomap" is mirrored on the remote end and that you also have PFS enabled on the remote end.
    Thanks
    Rohan

  • VPN 3000 problem

    I have 2 CVPN 3000 at my institution. They both have software version 4.7.2.L-k9. They also have WebVPN running.
    Lately something strange has been happening. One VPN loses connection (ping keepalives stop working) and no one can connect. When this happens I change the dns A record of the vpn service to the 2nd CVPN and, after a while, that 2nd CVPN stops responding. Can this be an attack? What can I search for in the logfile? The logfile cannot handle more than 15, 20 minutes.
    Thanks in advance.

    I have captured some traffic directed to the SSL port. There are lots of TCP retransmission packets (ack dup).
    Since disabling the SSL service I have had the CVPN running for a day now. It seems the problems have stopped. Of course, now I don't have the WebVPN service.
    Any suggestions? Has anyone experienced such a problem?
    Tx

  • VPN setup problem

    I have installed Snow Leopard Server on a new XServe. I have updated to 10.6.2.
    Other services are working. Related to VPN, I have configured the VPN service using L2TP.
    I have no additional network routing defined.
    Every time I try to setup a connection (from my macbook pro --> running snow leopard 10.6.2) I get the following log messages:
    2009-11-15 14:44:41 CET Incoming call... Address given to client = 192.168.1.160
    Sun Nov 15 14:44:41 2009 : Directory Services Authentication plugin initialized
    Sun Nov 15 14:44:41 2009 : Directory Services Authorization plugin initialized
    Sun Nov 15 14:44:41 2009 : L2TP incoming call in progress from '192.168.1.15'...
    Sun Nov 15 14:44:41 2009 : L2TP received SCCRQ
    Sun Nov 15 14:44:41 2009 : L2TP sent SCCRP
    Sun Nov 15 14:44:41 2009 : L2TP received SCCCN
    Sun Nov 15 14:44:41 2009 : L2TP received ICRQ
    Sun Nov 15 14:44:41 2009 : L2TP sent ICRP
    Sun Nov 15 14:44:41 2009 : L2TP received ICCN
    Sun Nov 15 14:44:41 2009 : L2TP connection established.
    Sun Nov 15 14:44:41 2009 : using link 0
    Sun Nov 15 14:44:41 2009 : Using interface ppp0
    Sun Nov 15 14:44:41 2009 : Connect: ppp0 <--> socket[34:18]
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : lcp_reqci: returning CONFACK.
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoReq id=0x0 magic=0x7dd4d1cd]
    Sun Nov 15 14:44:41 2009 : sent [EAP Request id=0x1 Identity ]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP EchoReq id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoRep id=0x0 magic=0x7dd4d1cd]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP EchoRep id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : rcvd [EAP Response id=0x1 Identity <"]
    Sun Nov 15 14:44:47 2009 : LCP terminated by peer (Failed to authenticate ourselves to peer)
    Sun Nov 15 14:44:47 2009 : sent [LCP TermAck id=0x2]
    Sun Nov 15 14:44:47 2009 : L2TP received CDN
    Sun Nov 15 14:44:47 2009 : Connection terminated.
    Sun Nov 15 14:44:47 2009 : L2TP disconnecting...
    Sun Nov 15 14:44:47 2009 : L2TP sent CDN
    Sun Nov 15 14:44:47 2009 : L2TP sent StopCCN
    Sun Nov 15 14:44:47 2009 : L2TP disconnected
    2009-11-15 14:44:47 CET --> Client with address = 192.168.1.160 has hungup
    What does that mean:
    "Failed to authenticate ourselves to peer" ???
    Are there some configurations which can solve this problem ???
    Best regards
    Andreas

    These are the related client side log entries:
    Sun Nov 15 14:44:40 2009 : L2TP connecting to server '192.168.1.10' (192.168.1.10)...
    Sun Nov 15 14:44:40 2009 : IPSec connection started
    Sun Nov 15 14:44:40 2009 : IPSec phase 1 client started
    Sun Nov 15 14:44:40 2009 : IPSec phase 1 server replied
    Sun Nov 15 14:44:41 2009 : IPSec phase 2 started
    Sun Nov 15 14:44:41 2009 : IPSec phase 2 established
    Sun Nov 15 14:44:41 2009 : IPSec connection established
    Sun Nov 15 14:44:41 2009 : L2TP sent SCCRQ
    Sun Nov 15 14:44:41 2009 : L2TP received SCCRP
    Sun Nov 15 14:44:41 2009 : L2TP sent SCCCN
    Sun Nov 15 14:44:41 2009 : L2TP sent IRCQ
    Sun Nov 15 14:44:41 2009 : L2TP received ICRP
    Sun Nov 15 14:44:41 2009 : L2TP sent ICCN
    Sun Nov 15 14:44:41 2009 : L2TP connection established.
    Sun Nov 15 14:44:41 2009 : using link 0
    Sun Nov 15 14:44:41 2009 : Using interface ppp0
    Sun Nov 15 14:44:41 2009 : Connect: ppp0 <--> socket[34:18]
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : lcp_reqci: returning CONFACK.
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoReq id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP EchoReq id=0x0 magic=0x7dd4d1cd]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoRep id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : rcvd [EAP Request id=0x1 Identity ]
    Sun Nov 15 14:44:41 2009 : sent [EAP Response id=0x1 Identity <"]
    Sun Nov 15 14:44:47 2009 : Connection terminated.
    Sun Nov 15 14:44:47 2009 : rcvd [EAP Request id=0x2 EAP KRB <00003f000001000101>]
    Sun Nov 15 14:44:47 2009 : L2TP disconnecting...
    Sun Nov 15 14:44:47 2009 : L2TP sent CDN
    Sun Nov 15 14:44:47 2009 : L2TP sent StopCCN
    Sun Nov 15 14:44:47 2009 : L2TP disconnected

  • VPN passthru problem

    I have installed a VPN server on a Win 2003 server.
    When I tried to connect I got the following error in the server's Event log:
    A connection between the VPN server and the VPN client [MYPUBLICIP] has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    How can I configure the router in my case?

    I use PPTP VPN protocol.
    This means that I must forward following ports:
    TCP 1723
    IP Protocol ID of 47 (0x2F). => This filter allows PPTP tunneled data to the PPTP server
    How can I forward IP protocol?
