L2TP/IPSec Problem

From: Paul (pjc_at_callwave.com)
Date: 12/31/03


Date: Tue, 30 Dec 2003 22:33:39 -0800

I have two Windows 2000 SP4 (Hosts A&B) configured identically
to do L2TP/IPSec to a Windows 2003 (Host-C) box.
(Yes, I installed the 128-bit encryption pack and NAT-T patches on both.)

Host-A works.
Host-B does not.
Host-B gets stuck on Oakley.
It sends the first Oakley packet successfully, but the
responder (Host-C) does not reply.

Looks like a filter is stopping it.
I have no idea why one host works and another one does not.
I tried flushing the NAT tables every time.
I tried searching IPSec Policies for any filters.
I tried searching RRAS for any filters.

Has anyone seen this behavior?

Diagram:

Host-A & B                                                Host-C
Initiator <---> NAT Box <---> Internet <---> NAT Box <--> Responder
68.227.86.101                                             192.168.23.132

Here is Oakley.log on the Responder (Host-C, Windows 2003):
This stanza just repeats over and over until the
negotiation times out.

12-30: 21:08:01:859:fcc Receive: (get) SA = 0x00000000 from 68.227.86.101.500
12-30: 21:08:01:859:fcc ISAKMP Header: (V1.0), len = 292
12-30: 21:08:01:859:fcc I-COOKIE e7731123ba0f3a44
12-30: 21:08:01:859:fcc R-COOKIE 0000000000000000
12-30: 21:08:01:859:fcc exchange: Oakley Main Mode
12-30: 21:08:01:859:fcc flags: 0
12-30: 21:08:01:859:fcc next payload: SA
12-30: 21:08:01:859:fcc message ID: 00000000
12-30: 21:08:01:859:fcc Filter to match: Src 68.227.86.101 Dst 192.168.23.132
12-30: 21:08:01:859:fcc MatchMMFilter failed 13013
12-30: 21:08:01:859:fcc Responding with new SA 0
12-30: 21:08:01:859:fcc HandleFirstPacketResponder failed 3601
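
An added example, not part of the original post: a Python parser for Oakley.log text in the format quoted above. It rejoins mail-wrapped lines and reports each received packet the responder failed to handle, so repeated rejections of the same initiator cookie stand out. The function names and the second sample stanza are constructed for illustration; the numeric codes are reported as logged, without interpretation.

```python
import re
from collections import Counter

# Stanza 1: abridged from the post, mail wraps kept. Stanza 2: constructed retransmission.
SAMPLE = """\
12-30: 21:08:01:859:fcc Receive: (get) SA = 0x00000000
from 68.227.86.101.500
12-30: 21:08:01:859:fcc I-COOKIE e7731123ba0f3a44
12-30: 21:08:01:859:fcc R-COOKIE 0000000000000000
12-30: 21:08:01:859:fcc Filter to match: Src 68.227.86.101
Dst 192.168.23.132
12-30: 21:08:01:859:fcc MatchMMFilter failed 13013
12-30: 21:08:01:859:fcc HandleFirstPacketResponder failed
3601
12-30: 21:08:03:859:fcc Receive: (get) SA = 0x00000000 from 68.227.86.101.500
12-30: 21:08:03:859:fcc I-COOKIE e7731123ba0f3a44
12-30: 21:08:03:859:fcc MatchMMFilter failed 13013
"""

ENTRY = re.compile(r"^\d\d-\d\d: (\d\d:\d\d:\d\d:\d{3}):[0-9a-f]+ (.*)$")

def entries(text):
    """Return [time, message] pairs; a line without a timestamp continues the previous entry."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out:
            out[-1][1] += " " + line
    return out

def rejected_first_packets(text):
    """One record per received packet for which the log shows a 'failed' entry."""
    recs = []
    for when, msg in entries(text):
        if msg.startswith("Receive:"):
            recs.append({"time": when, "peer": msg.rsplit("from ", 1)[-1], "failed": {}})
        elif recs and (m := re.match(r"([IR])-COOKIE ([0-9a-f]{16})$", msg)):
            recs[-1][m.group(1)] = m.group(2)
        elif recs and (m := re.match(r"Filter to match: Src (\S+) Dst (\S+)$", msg)):
            recs[-1]["src"], recs[-1]["dst"] = m.groups()
        elif recs and (m := re.match(r"(\w+) failed (\d+)$", msg)):
            recs[-1]["failed"][m.group(1)] = int(m.group(2))
    return [r for r in recs if r["failed"]]

def retransmissions(text):
    """Count rejected packets per (peer, initiator cookie); more than 1 means the peer is retrying."""
    return Counter((r["peer"], r.get("I")) for r in rejected_first_packets(text))
```

A zero R-COOKIE together with a repeated I-COOKIE from the same peer matches the symptom described in the post: the initiator keeps resending its first Main Mode packet and the responder never answers.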


