 jacobinos
join:2005-07-06
| DI-624 MS L2TP/IPSEC
Hi did anybody get XP SP2 Microsoft L2TP/IPSEC VPN to work on A DI-624? I have all VPN pass thrus ON and all I get is error:792 security negotiation time out, which means that DI-624 is blocking udp 500 and protocol ID 50 & 51. D-LINK say it should work. Any comments much appreciated. |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC | Did you set it up in Advanced / Virtual Server? |
|
 jacobinos
join:2005-07-06
| reply to jacobinos Yes I have, although that setting is more relevant for a server on the LAN, and I had even tried under DMZ. It seems MS L2TP/IPSEC is not supported since it also uses protocol ID 51 'Authentication Header', which is not even set when the Virtual setting is enabled, but I just want to confirm if it's so; maybe someone did get it working after all.
THX |
|
  funchords Hello Premium, MVM join:2001-03-11 Washington, DC
| I have seen the firewall enable a protocol entry for me when I enabled the IPSec Virtual Server entry. It does the same for PPTP which uses Proto ID 47.
So you're inside the LAN trying to connect to a server on the WAN side? You should not need to open up a Virtual Server for that.
Here are some steps that might or might not help, I found these as advice for a Nortel IPSec tunnel:
Step 1 Open the Web Configuration Page
Step 2 Click on Advanced / Applications
Step 3 Check Enable
Step 4 Enter a name e.g. L2TP
Step 5 Enter 500 for Trigger Port (500 - 500)
Step 6 Select Both for Trigger Type
Step 7 Enter 500 for Public Port
Step 8 Select Both for Public Type
Step 9 Click Apply -- Robb Topolski || http://www.funchords.com/ || Hillsboro, Oregon USA The enemy of freedom is dependence. |
|
 jacobinos
join:2005-07-06 | Thank you for your tips, but setting the Applications entry does not work either!!! |
|
 Bwuutje
join:2005-01-10
| Question: Is the VPN server you are trying to connect to behind a NAT router too?
If so, read this: »www.computerworld.com/securityto···,00.html
Bwuutje. |
|
 jacobinos
join:2005-07-06 | No it's not, and without the DI-624 one can connect with L2TP/IPSEC, for example with XP ICS. |
|
  funchords Hello Premium,MVM join:2001-03-11 Washington, DC | Please confirm: You're inside the LAN trying to connect to a server on the WAN side? |
|
 jacobinos
join:2005-07-06
| I confirm I am trying to connect from my LAN at home to a VPN server at the office over the internet. I can connect using VPN PPTP with PPTP pass-through enabled and nothing else, but cannot say the same for L2TP!!! Also, I would like to confirm that if I get the DI-624 out of the picture and change my setup to use XP ICS, L2TP works fine. |
|
 Bwuutje
join:2005-01-10
| "Also would like to confirm if I get the DI-624 out of the picture and change my setup to use XP ICS, L2TP works fine."
Just to confirm/clarify too... you exchanged the 624 for another XP ICS machine which NATs (for) the machine you are trying to establish the VPN from? Right?
Bwuutje. |
|
 jacobinos
join:2005-07-06 | Yes |
|
  funchords Hello Premium, MVM join:2001-03-11 Washington, DC
| reply to jacobinos Then this should work all day long without any Virtual Servers or Firewall Rules. Maybe or maybe not just that "perhaps this might help" Nortel thing I gave you.
Sadly I don't know what to tell you -- it sounds like you've done this exactly right. -- Robb Topolski || http://www.funchords.com/ || Hillsboro, Oregon USA The enemy of freedom is dependence. |
|
 jacobinos
join:2005-07-06 | Well, thanks. I was curious if someone else had this same problem. |
|
 jacobinos
join:2005-07-06 | I have solved the problem with L2TP/IPSEC VPN; no fault of the DI-624. I had to open port 4500 UDP, 1701 UDP and 1701 TCP on the office firewall. Thanks for the help. |
|
  ozzy52
@swbell.ne
| Was just reading through all that, you know, with the intent of lending a hand if I could. How, may I ask, do you suspect it worked from home when you used the XP box in place of the DI-624 when the problem was a blocked port on the remote end? Does Windows XP have some magical power to punch through corporate firewalls? I don't get it. |
|
 jacobinos
join:2005-07-06
| My short-sightedness was that under XP I was using it on the gateway of the ICS, and so it was going through the recommended ports I had already opened on the office firewall; but then when I tried under the DI-624 I was really behind a NAT, and L2TP/IPSEC VPN needs the extra ports I mentioned to function properly. So no, XP has no magical power to punch through corporate firewalls!!! |
|
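The thread resolves once the office firewall admits UDP 4500 as well as UDP 500: a client behind a NAT router negotiates IKE on UDP 500 and then floats to NAT-T on UDP 4500, which a client on a public address never does. The classifier below is an added example (not code from the thread or from D-Link); it decodes the RFC 3948 UDP encapsulation and the 28-byte ISAKMP header so you can see, from constructed sample datagrams, which destination ports a direct client and a NAT'd client actually need on the server-side firewall.

```python
import struct

IKE_PORT, NAT_T_PORT, L2TP_PORT = 500, 4500, 1701
EXCHANGES = {2: "main mode", 4: "aggressive mode", 5: "informational", 32: "quick mode"}

def make_isakmp(exchange: int, body: bytes = b"") -> bytes:
    """Build a minimal ISAKMP (IKEv1) message: fixed 28-byte header plus body (constructed sample)."""
    length = 28 + len(body)
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, 1, 0x10, exchange, 0, 0, length)
    return header + body

def isakmp_exchange(payload: bytes) -> str:
    """Name the exchange type of an ISAKMP message, or 'malformed' if the header does not fit."""
    if len(payload) < 28:
        return "malformed"
    exchange, length = payload[18], struct.unpack("!I", payload[24:28])[0]
    if length != len(payload):
        return "malformed"
    return EXCHANGES.get(exchange, f"exchange {exchange}")

def classify(dport: int, payload: bytes) -> str:
    """Label one UDP datagram so a firewall admin can see which rule must admit it."""
    if dport == IKE_PORT:
        return "ike udp/500: " + isakmp_exchange(payload)
    if dport == NAT_T_PORT:
        if payload == b"\xff":                       # RFC 3948 NAT keepalive: single 0xFF byte
            return "nat-t udp/4500: keepalive"
        if payload[:4] == b"\x00\x00\x00\x00":       # non-ESP marker: IKE moved to port 4500
            return "nat-t udp/4500: ike " + isakmp_exchange(payload[4:])
        if len(payload) >= 8:                        # anything else is ESP-in-UDP (SPI, seq, ...)
            return f"nat-t udp/4500: esp spi=0x{payload[:4].hex()}"
        return "nat-t udp/4500: malformed"
    if dport == L2TP_PORT:
        return "l2tp udp/1701: cleartext (normally carried inside esp)"
    return f"udp/{dport}: not part of l2tp/ipsec"

def ports_needed(datagrams) -> list:
    """Destination ports the office firewall must admit for the given (dport, payload) list."""
    return sorted({d for d, _ in datagrams if d in (IKE_PORT, NAT_T_PORT, L2TP_PORT)})

# Constructed samples: the same client with and without a NAT router in front of it.
DIRECT = [(500, make_isakmp(2)), (500, make_isakmp(32))]            # IKE on 500; ESP then rides protocol 50, not UDP
BEHIND_NAT = [(500, make_isakmp(2)),                                # phase 1 starts on 500 ...
              (4500, b"\x00\x00\x00\x00" + make_isakmp(32)),        # ... and floats to 4500 once NAT is detected
              (4500, struct.pack("!II", 0x0A1B2C3D, 1) + b"\x00" * 16),  # ESP-in-UDP data packet
              (4500, b"\xff")]                                      # NAT keepalive

if __name__ == "__main__":
    print("direct client needs:", ports_needed(DIRECT))
    print("NAT'd client needs: ", ports_needed(BEHIND_NAT))
```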