Welcome to ISAserver.org


Error 768: While trying to connect via L2TP

Error 768: While trying to connect via L2TP - 11.Mar.2005 7:34:00 PM   
rhassall

 

Posts: 5
Joined: 3.Mar.2004
From: VA
Status: offline
The setup is ISA 2004 on a Server 2003 box. We are able to connect with PPTP with no issues. But, when we try via L2TP we receive the Error 768: The connection attempt failed because of failure to encrypt data. Then I uncheck the option of "Require data encryption" on the Security tab in the VPN Connection Properties and receive Error: 789 The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer. Any assistance would be great!
Post #: 1
RE: Error 768: While trying to connect via L2TP - 13.Mar.2005 5:43:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi R,

Are you using certificates or pre-shared keys for the L2TP/IPSec connection?

Thanks!
Tom

(in reply to rhassall)
Post #: 2
RE: Error 768: While trying to connect via L2TP - 14.Mar.2005 1:03:00 PM   
rhassall

 

Posts: 5
Joined: 3.Mar.2004
From: VA
Status: offline
We have tried both a Microsoft generated certificate and a pre-shared key with the same results, no connection.

(in reply to rhassall)
Post #: 3
RE: Error 768: While trying to connect via L2TP - 15.Mar.2005 12:40:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi R,

Make sure that you're using ONLY either a pre-shared key *or* cert. Not both.

HTH,
Tom

(in reply to rhassall)
Post #: 4
RE: Error 768: While trying to connect via L2TP - 15.Mar.2005 1:16:00 PM   
rhassall

 

Posts: 5
Joined: 3.Mar.2004
From: VA
Status: offline
We tested only one at a time and are currently testing different types of certs. We have created IPSec, Computer, Administrator, User certs with no success in connecting.
It's an instantaneous error that we receive while we are trying to connect.

Rudy

(in reply to rhassall)
Post #: 5
RE: Error 768: While trying to connect via L2TP - 31.Mar.2005 3:50:00 PM   
lankylad

 

Posts: 7
Joined: 11.Dec.2004
From: UK
Status: offline
Just a thought, but are you using NAT? L2TP won't work over NAT

(in reply to rhassall)
Post #: 6
RE: Error 768: While trying to connect via L2TP - 31.Mar.2005 6:59:00 PM   
AbqBill

 

Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
lankylad wrote:
quote:
L2TP won't work over NAT
Hi lankylad,

L2TP with NAT-T is supported on the server side with Windows Server 2003. On the client side, you have to have Win2K or XP SP1 with 818043 (NAT-T update) or XP SP2. (I don't know about 9x boxes since I don't deal with them any more).

Bill

(in reply to rhassall)
Post #: 7
RE: Error 768: While trying to connect via L2TP - 31.Mar.2005 10:25:00 PM   
rhassall

 

Posts: 5
Joined: 3.Mar.2004
From: VA
Status: offline
We are running NAT and the clients are mixed Win 2k SP4 and Win XP Pro SP2. Does anyone know if 818043 (NAT-T update) is included in Win2k SP4? It still doesn't work with Win XP SP2.

Rudy

(in reply to rhassall)
Post #: 8
RE: Error 768: While trying to connect via L2TP - 31.Mar.2005 10:32:00 PM   
erickufrin

 

Posts: 58
Joined: 15.Apr.2003
From: Milwaukee, WI
Status: offline
I experienced a similar problem to what you are describing.

XPSP2 Client
|
|
|
NAT Device Cisco PIX 501
|
|
|
ISA04/2K3Server

My PIX was configured to allow inbound UDP 4500, and UDP 500. 1723 not needed since it is encapsulated inside of 4500 NAT-T.

I had everything configured correctly. Could connect inside the PIX but not outside. Well, the problem turned out to be a change in XP SP2 VPN. Before SP1 the default behavior was to assume both client and server were behind NAT devices. SP2 made it so that it would still work but not with the server behind a NAT device.

There is a registry key that you will need to change on the SP2 client.
There used to be a MS KB article on this, but it has since disappeared from MS website.

Here is a link to a third party website which describes the registry key that needs to be changed.
http://linnetsol.co.uk/winxp.asp#WinXPSP2nat

The default behavior of IPsec NAT traversal (NAT-T) is changed in XP SP2
http://support.microsoft.com/kb/885407

This one also explains the registry key needing changes.
L2TP/IPsec NAT-T update for Windows XP and Windows 2000
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B818043

Previous ISAServer.org forum thread.
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=30;t=000164

Let me know if this helps!

Eric Kufrin

(in reply to rhassall)
Post #: 9
RE: Error 768: While trying to connect via L2TP - 31.Mar.2005 10:33:00 PM   
erickufrin

 

Posts: 58
Joined: 15.Apr.2003
From: Milwaukee, WI
Status: offline
I would also like to add that the proper type of certificate to be using on the client machines is "Computer".

Eric Kufrin

(in reply to rhassall)
Post #: 10
