L2TP/IPSec Problem

From: Paul (pjc_at_callwave.com)
Date: 12/31/03


Date: Tue, 30 Dec 2003 22:33:39 -0800

I have two Windows 2000 SP4 hosts (Hosts A & B) configured identically
to do L2TP/IPSec to a Windows 2003 (Host-C) box.
(Yes, I installed the 128-bit encryption pack and NAT-T patches on both.)

Host-A works.
Host-B does not.
Host-B gets stuck on Oakley.
It sends the first Oakley packet successfully, but the responder (Host-C) does not reply.

Looks like a filter is stopping it.
I have no idea why one host works and another one does not.
I tried flushing the NAT tables every time.
I tried searching IPSec Policies for any filters.
I tried searching RRAS for any filters.

Has anyone seen this behavior?

Diagram:

Host-A & B                                                   Host-C
Initiator <---> NAT Box <---> Internet <---> NAT Box <--> Responder
68.227.86.101                                             192.168.23.132

Here is Oakley.log on the Responder (Host-C, Windows 2003):
This stanza just repeats over and over until the negotiation times out.

12-30: 21:08:01:859:fcc Receive: (get) SA = 0x00000000 from 68.227.86.101.500
12-30: 21:08:01:859:fcc ISAKMP Header: (V1.0), len = 292
12-30: 21:08:01:859:fcc I-COOKIE e7731123ba0f3a44
12-30: 21:08:01:859:fcc R-COOKIE 0000000000000000
12-30: 21:08:01:859:fcc exchange: Oakley Main Mode
12-30: 21:08:01:859:fcc flags: 0
12-30: 21:08:01:859:fcc next payload: SA
12-30: 21:08:01:859:fcc message ID: 00000000
12-30: 21:08:01:859:fcc Filter to match: Src 68.227.86.101 Dst 192.168.23.132
12-30: 21:08:01:859:fcc MatchMMFilter failed 13013
12-30: 21:08:01:859:fcc Responding with new SA 0
12-30: 21:08:01:859:fcc HandleFirstPacketResponder failed 3601
