
Can't get L2TP over IPSEC VPN working

I've been trying to configure VPN access for some users.

I've managed this successfully using PPTP however for added security I'd rather use L2TP over IPSEC.

So far as I can tell everything is configured correctly. That is, I am trying to connect an XP machine to the ASG.

Here's what I'm getting on the ASG IPSEC log when I try to connect:

2008:01:03-23:47:13 (none) pluto[17369]: packet from 79.***.***.***:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
2008:01:03-23:47:13 (none) pluto[17369]: packet from 79.***.***.***:500: ignoring Vendor ID payload [FRAGMENTATION]
2008:01:03-23:47:13 (none) pluto[17369]: packet from 79.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2008:01:03-23:47:13 (none) pluto[17369]: packet from 79.***.***.***:500: ignoring Vendor ID payload [Vid-Initial-Contact]
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_arcJKUamyW_0"[2] 79.***.***.*** #10: responding to Main Mode from unknown peer 79.***.***.***
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_arcJKUamyW_0"[2] 79.***.***.*** #10: Peer ID is ID_DER_ASN1_DN: 'C=gb, L=Location, O=Org, CN=Chris, E=name@domain'
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_arcJKUamyW_0"[2] 79.***.***.*** #10: crl not found
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_arcJKUamyW_0"[2] 79.***.***.*** #10: certificate status unknown
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: deleting connection "D_REF_arcJKUamyW_0" instance with peer 79.***.***.*** {isakmp=#0/ipsec=#0}
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: we have a cert and are sending it
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: sent MR3, ISAKMP SA established
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: cannot respond to IPsec SA request because no connection is known for 81.***.***.***/32===172.27.31.103[@lgccfirewall]:17/1701...79.***.***.***[C=gb, L=Location, O=Org, CN=Chris, E=name@domain]:17/%any==={172.27.30.8/32}
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: sending encrypted notification INVALID_ID_INFORMATION to 79.***.***.***:500
2008:01:03-23:47:14 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe9c8d887 (perhaps this is a duplicated packet)

From what I can figure out here, the initial handshake is going OK; however, it's the tunnel-configuring bit that isn't working.

Two questions really: firstly, am I right in my assumptions above, and secondly, how can I tell the ASG about this connection I want it to set up?

Thanks in advance for any help received!

Chris
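A small triage script for log lines like the ones in the post, added here as an example (my code, not part of the post and not an ASG tool). It splits the pluto lines into the two IKE phases: "ISAKMP SA established" marks the end of Phase 1 (Main Mode), while "cannot respond to IPsec SA request because no connection is known for ..." is the Phase 2 (Quick Mode) rejection, and it breaks the proposed selector string into local and remote halves so the mismatch is visible: local client, local host and ID, protocol/port (17 is UDP, 1701 is the L2TP port), then the peer side. The line and selector regexes are my assumptions about the format, derived only from the shape of the lines quoted above; the sample input reuses those lines with the addresses masked exactly as in the post.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: lines taken from the post above, addresses masked as posted.
SAMPLE_LOG = """\
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_arcJKUamyW_0"[2] 79.***.***.*** #10: responding to Main Mode from unknown peer 79.***.***.***
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: sent MR3, ISAKMP SA established
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: cannot respond to IPsec SA request because no connection is known for 81.***.***.***/32===172.27.31.103[@lgccfirewall]:17/1701...79.***.***.***[C=gb, L=Location, O=Org, CN=Chris, E=name@domain]:17/%any==={172.27.30.8/32}
2008:01:03-23:47:13 (none) pluto[17369]: "D_REF_WMeOdOWJBc_1"[9] 79.***.***.*** #10: sending encrypted notification INVALID_ID_INFORMATION to 79.***.***.***:500
"""

# Assumed line shape: "<timestamp> (none) pluto[<pid>]: <message>".
LINE_RE = re.compile(r'^(?P<ts>\S+) \(none\) pluto\[(?P<pid>\d+)\]: (?P<msg>.*)$')

# An address, optionally with a prefix length; '*' is allowed because the post masks octets.
ADDR = r'[\d*.]+(?:/\d+)?'


def _endpoint(side):
    # HOST[ID]:PROTO/PORT, e.g. 172.27.31.103[@lgccfirewall]:17/1701
    return (rf'(?P<{side}_host>{ADDR})\[(?P<{side}_id>[^\]]*)\]'
            rf':(?P<{side}_proto>\d+)/(?P<{side}_port>\d+|%any)')


# Assumed selector shape: CLIENT===HOST[ID]:PROTO/PORT...HOST[ID]:PROTO/PORT==={CLIENT}
SELECTOR_RE = re.compile(
    r'no connection is known for '
    rf'(?P<local_client>{ADDR})===' + _endpoint('local') +
    r'\.\.\.' + _endpoint('remote') +
    rf'===\{{?(?P<remote_client>{ADDR})\}}?')

PROTO_NAMES = {'6': 'tcp', '17': 'udp'}


@dataclass
class Triage:
    phase1_established: bool = False
    phase2_rejected: bool = False
    selector: Optional[dict] = None
    notes: list = field(default_factory=list)


def parse_selector(msg):
    """Return the proposed Phase 2 selector as a dict, or None if the message is not a rejection."""
    m = SELECTOR_RE.search(msg)
    if not m:
        return None
    d = m.groupdict()
    for side in ('local', 'remote'):
        d[side + '_proto'] = PROTO_NAMES.get(d[side + '_proto'], d[side + '_proto'])
    return d


def triage(log_text):
    """Walk the pluto lines and record how far the exchange got."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group('msg')
        if 'ISAKMP SA established' in msg:
            t.phase1_established = True
            t.notes.append('phase 1: ISAKMP SA established (Main Mode completed)')
        sel = parse_selector(msg)
        if sel:
            t.phase2_rejected = True
            t.selector = sel
            t.notes.append(
                'phase 2: Quick Mode rejected, no configured connection matches '
                f"local {sel['local_client']} via {sel['local_host']}[{sel['local_id']}] "
                f"{sel['local_proto']}/{sel['local_port']} <-> "
                f"remote {sel['remote_client']} via {sel['remote_host']} "
                f"{sel['remote_proto']}/{sel['remote_port']}")
        if 'INVALID_ID_INFORMATION' in msg:
            t.notes.append('phase 2: INVALID_ID_INFORMATION sent to peer (selector/ID mismatch)')
    return t


if __name__ == '__main__':
    for note in triage(SAMPLE_LOG).notes:
        print(note)
```

Run against the sample, the script reports Phase 1 complete and Phase 2 rejected, and the parsed selector shows the peer proposing UDP/1701 (L2TP) on the gateway side with its own client address in braces, which is the part the gateway had no matching connection definition for. That confirms the reading in the post: the IKE handshake and certificate exchange succeed, and the failure is in matching the Quick Mode proposal to a configured tunnel.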

