Re: l2tp/ipsec

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/02/04

• Next message: Scott Harding - MS MVP: "Re: VPN connection problem"
• Previous message: Steven L Umbach: "Re: RAS is wasting my DHCP IP address"
• In reply to: AMAN: "Re: l2tp/ipsec"
• Next in thread: aman: "Re: l2tp/ipsec"
• Reply: aman: "Re: l2tp/ipsec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 02 Jul 2004 17:18:19 GMT

No you don't have to configure ipsec policy, it is created automatically for l2tp.
However you have to create the same preshared key on both the client and server
[which you can not do on W2K but can for XP pro]. The server must be W2003 for nat-t
and the client needs to have the nat-t upgrade installed. If the client is a W2003
then I don't think it needs the nat-t upgrade but you should review the KB
documentaion to make sure. --- Steve

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpnexamp.mspx

"AMAN" <AMANWALIAUS@HOTMAIL.COM> wrote in message
news:2514001c46018$e72ca1c0$a401280a@phx.gbl...
> I am using the windows 2003 as a vpn client and that is
> NAT-T ENABLED. I HAVE TAKEN THE FOLLOWING STEPS TO
> CONFIGUR THE VPN SERVER
>
>
>
> - ON THE SERVER PROPERTIES I HAVE SELECTED THE SECURITY
> TAB AND THEN
>
> ADDED THE SHARED KEY .
>
> DO WE HAVE TO CONFIGURE THE IPSEC POLICIES ALSO.
>
>
>
> THANKS
>
> AMAN
>
>
> >-----Original Message-----
> >L2tp will not work over NAT devices if you are using
> such. If that is the case
> >you could try to install the NAT-T upgrade on the client
> computer and open the
> >appropriate ports and protocols on any firewall. L2tp
> uses 1701/udp, 500/udp,
> >and protocol 50. NAT-T also uses 4500/udp. --- Steve
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-
> us;818043
> >
> >"aman" <amanwaliaus@hotmail.com> wrote in message
> >news:2455c01c45f5a$e4513880$a501280a@phx.gbl...
> >> I have configured a windows 2003 server for vpn i want
> to
> >> use the L2TP/ipsec shared key for Authentications. when
> >> ever
> >> i try to connect my server from client it gives me a
> error
> >> 789.
> >
> >
> >.
> >

---

• Next message: Scott Harding - MS MVP: "Re: VPN connection problem"
• Previous message: Steven L Umbach: "Re: RAS is wasting my DHCP IP address"
• In reply to: AMAN: "Re: l2tp/ipsec"
• Next in thread: aman: "Re: l2tp/ipsec"
• Reply: aman: "Re: l2tp/ipsec"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: L2TP VPN connection between XP Pro and Win 2003 RRAS ... and RRAS server and am getting the error I described: ... Server expects Kerberous and Client send preshared key. ... (microsoft.public.windows.server.networking) Re: Win2K vpn client using shared secret key ... I was hoping that I could use that as a starting point for getting a client ... For some reason the OS X server can't do PPTP properly (I was ... L2TP/IPSec with a preshared key? ... > on each end of the router connection. ... (microsoft.public.win2000.networking) Re: RRAS and Preshared Key ... If I had lets say my server assigned with a public IP address and my client had a Nat address would this situation work? ... > preshared key on the client and server was by setting up a IPSEC policy. ... (microsoft.public.win2000.networking) Re: l2tp/ipsec ... server through the vpn client the error was in firewall ... >and the client needs to have the nat-t upgrade installed. ... >> I am using the windows 2003 as a vpn client and that is ... (microsoft.public.win2000.security) Re: NAT-T Question ... > The NAT-T upgrade is client side only and only Windows 2003 server works ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)