Vista VPN using L2TP/IPSec with preshared key
I am in the process of moving from a totally Cisco solution to one not totally Cisco. I have been looking for white papers on setting up a Vista VPN using L2TP/IPSec with a preshared key. I have it working in XP but I must be missing something because I cannot get it to work on a Vista machine. I will be connecting to a Cisco PIX firewall for now and this is the way it has to be set up. Does anyone know where the Vista-specific white papers are for doing this? Thanks much.
June 26th, 2007 9:01pm
Can I ask for details on how you set up the XP L2TP/IPSec VPN? It seems that I also need to allow L2TP on the VPN concentrator as well as L2TP/IPSec in order for the XP L2TP/IPSec client to connect. Otherwise I get a 'tunneling protocol not supported' error on the concentrator. I also don't see any IPSec packets in this configuration; just L2TP. In addition, the pre-shared key doesn't work: you can leave it blank or set it to whatever you want and the client will still connect. I've read everything I can find on this and so far we've not been able to figure this out. Thanks. And good luck with Vista; we'll be fighting that one very soon as well. Lynne UVM
January 24th, 2008 7:53pm
Has anyone been able to resolve this issue? I am experiencing the same issue. I have ISA 2004 configured to allow VPN connections using L2TP/IPSEC with a pre-shared key. This works absolutely fine from Windows XP but I am unable to connect from a Vista workstation. The error received is Error 766. If anyone has any answers/suggestions then please make them known.
March 27th, 2008 6:44pm
Nope, still not working, but to be honest I have been working on other issues. I hope to get back to beating my head on this one shortly.
April 16th, 2008 2:01pm
I never got round to posting that I managed to resolve my instance of this issue. In my case the issue resulted from Norton Internet Security. I installed this onto a test Vista workstation and it prevented me from accessing my VPN server with the specified error. The Log Viewer reported an error similar to that reported on the forum detailed below: "A packet from [VPN Servers IP address] with invalid IP Total length of XXX bytes was detected and blocked": http://symantecbetaforums.norton.com/symantecbetaforum/board/message?board.id=NISIssues&message.id=209 I was unable to find a workaround with Norton Internet Security installed. Even adding the VPN server to the Trusted list and adding a General Rule with top priority to allow ALL traffic to and from the VPN Server did not resolve the issue. As soon as I removed the Norton product, the VPN was able to connect without any issue. I cannot find any official resolution to this issue, so unfortunately the only course of action for now appears to be to remove the Norton Security Product and use a different Security Product. IMPORTANT - It is essential that you implement a current Antivirus and Firewall.
April 16th, 2008 2:08pm
PIX 6.3.5 worked well for me supporting PPTP (Mac OS X 10.5 clients) and L2TP (Windows XP clients). Upgrading to PIX/ASA 7.2.3 was supposed to support L2TP (Windows Vista clients) since 6.3.5 didn't support CHAP-2 protocols. However, while I now can get both Mac 10.5 and Windows XP clients to use L2TP, Windows Vista clients still *** out. The reason is given below... http://support.microsoft.com/kb/KB942429 You cannot connect a computer that is running Windows Vista to a Cisco ASA Series VPN server by using a virtual private network (VPN) connection that is based on the "Layer 2 Tunneling Protocol with IPsec" (L2TP/IPsec) protocol. This behavior occurs because of changes in Windows Vista that help improve security. When the Cisco ASA Series VPN server performs a L2TP/IPsec negotiation, the server uses the message ID to identify the client. This negotiation is a phase 2 quick-mode negotiation. However, in a quick-mode negotiation, all Windows Vista-based VPN clients use the same message ID for their initial messages. Therefore, when a Windows Vista-based VPN client connects to a VPN server, message IDs from other Windows Vista-based VPN clients are considered duplicate IDs. Therefore, the VPN server refuses the other connections.
May 16th, 2008 7:43pm
About this issue, Symantec has already provided the patch module for NIS2008/N360v2/NAV2008 from 6/18. To solve this issue, please run LiveUpdate.
July 5th, 2008 7:19pm
Is there any way around this behavior or maybe a fix?
August 6th, 2008 2:53pm