IPSEC/L2TP VPN on SBS 2003

G

Guest

I cannot get this to work reliably - I have had 1 success so far in 2 days of
testing but it has now failed again.

I have configured the client to use EAP. Certificates seem to be up to date
and validating against the root certificate. I have double checked
authentication methods and have updated Remote Access policies to reflect the
correct (externally facing) server certificate.

I can establish a connection using PPTP and passwords (MS-CHAP 2) and also
do PPTP using EAP, so I assume that the certificates are cross checking. But
when I try to force L2TP I get Error 789 on one client (connecting via
dial-up) or Error 678 on another (pseudo VPN connecting via TCP/IP on the
local network).

Where do I look next? Is there a wel documented monitor I can use? Please
ping me on stephen@expraxis(removeme).com.
 
C

Carl DaVault [MSFT]

You can try the following:

Make sure the clients and the server have compatible certificates in the
local machine store (not the user store) and restart RRAS on the VPN server.

Try using IPSec with a pre-shared key to rule out certificate issues (set
the key using RRAS snapin, not the IPSec snapin).

Make sure there are no firewalls in the way.

http://www.microsoft.com/vpn has a ton of information
 
S

stephen_oliver

Fixed.

I am using Basic Firewall configured by the SBS Internet Connectio
wizard. Although it sets most filters and parameters correctly it doe
not set:
* IP Security (IKE) on UDP Port 500
* IP Security (IKE NAT Traversal) on UDP port 4500
* VPN Gateway (L2TP/IPSEC running on this server) on UDP port 1701
Using these on Basic Firewall you find them in RRAS under IP Routing b
right clicking the external network interface and selecting Properties.
I have manually set those on, pointing to 127.0.0.1.

I think that was the cause, although to be safe I reissued machin
certificates using GPUPDATE. I also manually issued an IPSE
certificate (not issued by default under SBS 2003) but I don't thin
that was the issue.

It gets there in the end but it would be nice if the connection wizar
picked these things up. The wizard in SBS 2003 is a major step forwar
compared to 2000 but still not completely there.
You can try the following:

Make sure the clients and the server have compatible certificates i
the
local machine store (not the user store) and restart RRAS on the VP
server.

Try using IPSec with a pre-shared key to rule out certificate issue
(set
the key using RRAS snapin, not the IPSec snapin).

Make sure there are no firewalls in the way.

http://www.microsoft.com/vpn has a ton of information

--
Standard Disclaimers -
This posting is provided "AS IS" with no warranties,
and confers no rights. Please do not send e-mail directly
to this alias. This alias is for newsgroup purposes only



-
stephen_olive
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top