L2TP/VPN problem/questions



I have been using Windows 2000 Server SP4 with ISA Server 2000 SP1 without
issue for PPTP VPN connections for a while now. I would like to start using
L2TP now instead. When attempting to connect from a windows 2000 pro SP4
client I get the following error:

Error 781: The encryption attempt failed because no valid certificate was

all the documentation I'm finding by googling is about setting up tunnel
mode VPN that are server to server... for connecting 2 whole different
networks, not just a simple client to server connection.

1) anyone know how to address the error I'm getting?
2) got any links to directions on setting up L2TP VPN using windows client
and ISA Server 2000? I already read about setting up server side using the
ISA wizard... no mention of getting a certificate there though?
3) If I need to request a certificate what kind? (I have an internal CA

general questions:
A) I read L2TP requires PKI - I assume that means I need to supply all my
clients with certificates, correct? If so what type of certificates are
required for the clients? and the server? (I have an internal windows 2000

B) looking forward to after I actually get this working from inside the lan
and actually want remote clients to use it, is NAT still an issue? Is NAT-T
available for windows 2000 IPSec? I think I saw somewhere that you had to
have Windows Server 2003?

any help would be appreciated. thanks.


more info:

I got a little further and now have a different error message. I installed a
certificate on my client machine (windows 2000 pro sp4) from my own internal
windows 2000 based Enterprise CA. I have referenced some of Tom Shinders VPN
Deployment kit docs but they assume your using windows server 2003 which I'm
not. So my certificate athority did not give the same options as his
directions specify. So I don't know if my cert is the right kind for the
job. Nevertheless, the cert error message is gone and I now get this:

Error 792: The L2TP connection attempt failed because security negotiation
timed out.


Priya Raghavan [MSFT]

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question