
L2TP/IPSEC VPN Connection Issue only Over wan ---- Error:789


Post by guest » Sun Aug 26, 2012 10:40 am

I tested the VPN internally using the local IP address and it works fine. As soon as I try it from the WAN on a remote computer, it will not work. It gives me this:

"error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with remote computer"

This is on a Server 2008 R2 platform with an L2TP/IPsec VPN with a pre-shared key.

I have only mapped port 1701. Do I need 4500 and 500 also?



What I have checked so far:

I have mapped the port (1701) in the router. However, when I use the online open port checker tool, it can't find the service. I tested an HTTP file server on that port and it saw my service, so the port is not being blocked by my router. The firewall is set to allow the connection over the correct network interface. Edge translation is allowed.

Any ideas?
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: L2TP/IPSEC VPN Connection Issue only Over wan ---- Error:789

Post by guest » Sun Aug 26, 2012 10:41 am

Thanks for the post.

From your description, I understand that the error 789: "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer" is received when trying VPN from the WAN on a remote computer.

This is a generic error which is thrown when the IPSec negotiation fails for L2TP/IPSec connections.

Possible causes for this issue could be:

a> L2TP based VPN client (or VPN server) is behind NAT.

b> Wrong certificate or pre-shared key is set on the VPN server or client.

c> Machine certificate or trusted root machine certificate is not present on the VPN server.

d> Machine certificate on the VPN server does not have 'Server Authentication' as the EKU.

Now please make sure the correct certificate is used on both the client and server side. If a pre-shared key (PSK) is used, make sure the same PSK is configured on the client and the VPN server machine.

Hope this helps.

Mile
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: L2TP/IPSEC VPN Connection Issue only Over wan ---- Error:789

Post by guest » Sun Aug 26, 2012 10:41 am

Added 4500 and 500 with no luck...

Router logs show it's coming in:
[LAN access from remote] from remoteip :4500 to 192.168.1.2:4500 Tuesday, Jun 29,2010 06:10:25
[LAN access from remote] from remoteip :500 to 192.168.1.2:500 Tuesday, Jun 29,2010 06:10:25



Error changed to error 809
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: L2TP/IPSEC VPN Connection Issue only Over wan ---- Error:789

Post by guest » Sun Aug 26, 2012 10:42 am

Do you have any firewall which is placed in front of your Windows Server 2008 VPN Server? Do you have the Windows Server firewall turned on? If yes, try to have all these ports and protocols open on them:

IKE: UDP Port 500
IKE/IPSec NAT-T: UDP Port 4500
IPSec ESP: IP Protocol 50
IPSec AH: IP Protocol 51
UDP L2TP port: 1701

Cheers
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm
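
An added example (not code from any poster in this thread): a Python script that reads router log lines in the format quoted above and reports which L2TP/IPsec flows the router forwarded to the VPN server. The function names, the 203.0.113.10 address standing in for "remoteip", and the two extra sample lines are constructed for illustration.

```python
import re

# UDP ports named in the thread. ESP (50) and AH (51) are IP protocols,
# not ports, so a port-forward log never shows them.
IKE, NAT_T, L2TP = 500, 4500, 1701

# Router log format as quoted in the thread (optional space before ':').
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>\S+?)\s*:(?P<sport>\d+)"
    r" to (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_line(line):
    """Return (src, sport, dst, dport), or None for unrelated lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m["src"], int(m["sport"]), m["dst"], int(m["dport"])

def triage(lines, server_ip):
    """Summarise which VPN-related flows were forwarded to server_ip."""
    ports = set()
    for rec in filter(None, map(parse_line, lines)):
        if rec[2] == server_ip:
            ports.add(rec[3])
    return {
        "ike_forwarded": IKE in ports,
        # Peers move to UDP 4500 when IKE detects NAT on the path (RFC 3947).
        "nat_t_in_use": NAT_T in ports,
        # L2TP rides inside IPsec; a WAN-side hit on 1701 arrived unprotected.
        "l2tp_outside_ipsec": L2TP in ports,
        "other_ports": sorted(ports - {IKE, NAT_T, L2TP}),
    }

# Constructed sample: the thread's two lines with a documentation address
# in place of "remoteip", plus two unrelated lines in an assumed format.
SAMPLE = [
    "[LAN access from remote] from 203.0.113.10:4500 to 192.168.1.2:4500 Tuesday, Jun 29,2010 06:10:25",
    "[LAN access from remote] from 203.0.113.10:500 to 192.168.1.2:500 Tuesday, Jun 29,2010 06:10:25",
    "[LAN access from remote] from 198.51.100.7:51515 to 192.168.1.2:80 Tuesday, Jun 29,2010 06:11:02",
    "[Admin login] from source 192.168.1.5 Tuesday, Jun 29,2010 06:12:40",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "192.168.1.2").items():
        print(f"{key}: {value}")
```

When both `ike_forwarded` and `nat_t_in_use` are true, the router is passing the negotiation through, so the remaining candidates are the ones the replies list: the server-side firewall, NAT handling, and the pre-shared key or certificate.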

