Client cannot connect to VPN server - others can

#1
01-26-2007, 12:36 PM

Hello Group,

we are running Windows 2003 Server Enterprise Edition with Active Directory
and Remote Access Service. We set up RAS to allow only L2TP-EAP connections.

This is working! Many clients can connect without any problems.

But, some clients cannot. These clients are often behind a router (but there
are clients behind routers, which can connect without any problems!). In
oakley.log I notice:

-----
1-26: 03:23:47:496:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:496:8b4 ISAKMP Header: (V1.0), len = 544
1-26: 03:23:47:496:8b4 I-COOKIE 38dad3f194afb3b3
1-26: 03:23:47:496:8b4 R-COOKIE b7818d1c12e1e471
1-26: 03:23:47:496:8b4 exchange: Oakley Main Mode
1-26: 03:23:47:496:8b4 flags: 0
1-26: 03:23:47:496:8b4 next payload: FRAG
1-26: 03:23:47:496:8b4 message ID: 00000000
1-26: 03:23:47:496:8b4 processing payload FRAG
1-26: 03:23:47:496:8b4
1-26: 03:23:47:496:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:496:8b4 ISAKMP Header: (V1.0), len = 544
1-26: 03:23:47:496:8b4 I-COOKIE 38dad3f194afb3b3
1-26: 03:23:47:496:8b4 R-COOKIE b7818d1c12e1e471
1-26: 03:23:47:496:8b4 exchange: Oakley Main Mode
1-26: 03:23:47:496:8b4 flags: 0
1-26: 03:23:47:496:8b4 next payload: FRAG
1-26: 03:23:47:496:8b4 message ID: 00000000
1-26: 03:23:47:496:8b4 processing payload FRAG
1-26: 03:23:47:496:8b4
1-26: 03:23:47:496:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:496:8b4 ISAKMP Header: (V1.0), len = 544
1-26: 03:23:47:496:8b4 I-COOKIE 38dad3f194afb3b3
1-26: 03:23:47:496:8b4 R-COOKIE b7818d1c12e1e471
1-26: 03:23:47:496:8b4 exchange: Oakley Main Mode
1-26: 03:23:47:496:8b4 flags: 0
1-26: 03:23:47:496:8b4 next payload: FRAG
1-26: 03:23:47:496:8b4 message ID: 00000000
1-26: 03:23:47:496:8b4 processing payload FRAG
1-26: 03:23:47:512:8b4
1-26: 03:23:47:512:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:512:8b4 ISAKMP Header: (V1.0), len = 544
1-26: 03:23:47:512:8b4 I-COOKIE 38dad3f194afb3b3
1-26: 03:23:47:512:8b4 R-COOKIE b7818d1c12e1e471
1-26: 03:23:47:512:8b4 exchange: Oakley Main Mode
1-26: 03:23:47:512:8b4 flags: 0
1-26: 03:23:47:512:8b4 next payload: FRAG
1-26: 03:23:47:512:8b4 message ID: 00000000
1-26: 03:23:47:512:8b4 processing payload FRAG
1-26: 03:23:47:512:8b4
1-26: 03:23:47:512:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:512:8b4 ISAKMP Header: (V1.0), len = 136
1-26: 03:23:47:512:8b4 I-COOKIE 38dad3f194afb3b3
1-26: 03:23:47:512:8b4 R-COOKIE b7818d1c12e1e471
1-26: 03:23:47:512:8b4 exchange: Oakley Main Mode
1-26: 03:23:47:512:8b4 flags: 0
1-26: 03:23:47:512:8b4 next payload: FRAG
1-26: 03:23:47:512:8b4 message ID: 00000000
1-26: 03:23:47:512:8b4 processing payload FRAG
1-26: 03:23:47:512:8b4 ReceivedFullPacket
1-26: 03:23:47:512:8b4 ClearFragList
1-26: 03:23:47:512:8b4
1-26: 03:23:47:512:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:512:8b4 ISAKMP Header: (V1.0), len = 2132
1-26: 03:23:47:512:8b4 I-COOKIE 38dad3f194afb3b3
1-26: 03:23:47:512:8b4 R-COOKIE b7818d1c12e1e471
1-26: 03:23:47:512:8b4 exchange: Oakley Main Mode
1-26: 03:23:47:512:8b4 flags: 1 ( encrypted )
1-26: 03:23:47:512:8b4 next payload: ID
1-26: 03:23:47:512:8b4 message ID: 00000000
1-26: 03:23:47:512:8b4 Dropping SA processing because SA status set. SA 04AC8C70 Centry 00000000 Status 3618
----

This gets logged, while client says "Connecting with...", which ends up in
error "Error 792: The L2TP connection attempt failed because security
negotiation timed out."


Thomas D.
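
An added example, not part of the original post: a small Python triage script for oakley.log output in the format shown above. It counts FRAG payloads, reassemblies and encrypted messages per SA and extracts any "Dropping SA processing" status, so the trace of a failing client can be compared with a working one. The sample lines are constructed from the excerpt's format; `summarize` and its field names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, shortened, in the format of the oakley.log excerpt above.
SAMPLE = """\
1-26: 03:23:47:496:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:496:8b4 ISAKMP Header: (V1.0), len = 544
1-26: 03:23:47:496:8b4 next payload: FRAG
1-26: 03:23:47:512:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:512:8b4 ISAKMP Header: (V1.0), len = 136
1-26: 03:23:47:512:8b4 next payload: FRAG
1-26: 03:23:47:512:8b4 ReceivedFullPacket
1-26: 03:23:47:512:8b4 Receive: (get) SA = 0x04ac8c70 from CLIENTIP.57589
1-26: 03:23:47:512:8b4 ISAKMP Header: (V1.0), len = 2132
1-26: 03:23:47:512:8b4 flags: 1 ( encrypted )
1-26: 03:23:47:512:8b4 next payload: ID
1-26: 03:23:47:512:8b4 Dropping SA processing because SA status set. SA
04AC8C70 Centry 00000000 Status 3618
"""
LINE = re.compile(r"^\d+-\d+: (\d\d:\d\d:\d\d:\d{3}):[0-9a-f]+ ?(.*)$")
RECV = re.compile(r"Receive: \(get\) SA = 0x([0-9a-fA-F]+)")
DROP = re.compile(r"Dropping SA processing.*?SA\s+([0-9A-Fa-f]+)\s.*?Status\s+(\w+)")

def summarize(text):
    """Per-SA counts: fragments, reassemblies, encrypted messages, drops."""
    sas = defaultdict(lambda: {"fragments": 0, "reassembled": 0,
                               "encrypted": 0, "max_len": 0, "drops": []})
    cur = None
    # Rejoin entries that were wrapped onto a second line when posted.
    joined = re.sub(r"\n(?!\d+-\d+: )(?=\S)", " ", text)
    for raw in joined.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.group(1), m.group(2).strip()
        if (r := RECV.search(msg)):
            cur = sas[r.group(1).lower()]  # log mixes 0x04ac8c70 and 04AC8C70
        elif (d := DROP.search(msg)):
            sas[d.group(1).lower()]["drops"].append((ts, d.group(2)))
        elif cur is None:
            continue
        elif msg.startswith("ISAKMP Header:"):
            cur["max_len"] = max(cur["max_len"], int(msg.rsplit("=", 1)[1]))
        elif msg == "next payload: FRAG":
            cur["fragments"] += 1
        elif msg.startswith("flags:") and "encrypted" in msg:
            cur["encrypted"] += 1
        elif msg == "ReceivedFullPacket":
            cur["reassembled"] += 1
    return dict(sas)
```

The status value is reported exactly as logged; the script does not interpret it.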

#2
01-26-2007, 12:47 PM
Thomas D.

Something I forgot to say:
We also tried to set "AssumeUDPEncapsulationContextOnSendRule" to 1 or 2 on
both sides (client/server). It didn't solve the problem.

#3
01-27-2007, 11:47 PM
Pietro

Look at the router's manual. It should support "VPN passthru". Sometimes
this feature must be enabled even if supported.
In other words, the router must allow the traffic generated by the
RAS server to get back to the client.
Bye,
-Pietro.

Thomas D. wrote:
> Hello Group,
>
> we are running Windows 2003 Server Enterprise Edition with Active Directory
> and Remote Access Service. We set up RAS to allow only L2TP-EAP connections.
>
> This is working! Many clients can connect without any problems.
>
> But, some clients cannot. These clients are often behind a router (but there
> are clients behind routers, which can connect without any problems!). In
> oakley.log I notice:

[CUT]
> This gets logged, while client says "Connecting with...", which ends up in
> error "Error 792: The L2TP connection attempt failed because security
> negotiation timed out."


--
http://store.webmad.it/ http://www.linkedin.com/in/pietrolicata