Welcome to ISAserver.org


Unable to publish a L2TP/IPSec server

Unable to publish a L2TP/IPSec server - 11.Oct.2007 9:52:28 AM   
wh_tech

 

Posts: 5
Joined: 3.Oct.2007
Status: offline
I have been able to publish a web server and OWA server behind the ISA 2006 firewall, however when I try to publish a L2TP/IPSec server the server acts like it is not listening for the traffic.  If I leave the config the same and change my VPN protocol to PPTP, it works fine.  I am getting the following error.

Description: The server publishing rule L2TP VPN for L2TP/IPSec, which publishes the IP address 172.0.x.x:500 on port UDP for the protocol L2TP/IPSEC, was unable to bind a socket for the server. The server publishing rule cannot be applied.
The failure is due to error: 0x80070034
The server publishing rule NAT-T VPN for L2TP/IPSec, which publishes the IP address 172.0.x.x:4500 on port UDP for the protocol IPsec NAT-T Server, was unable to bind a socket for the server. The server publishing rule cannot be applied.
The failure is due to error: 0x80070034

172.0.x.x is the address of the external ISA adapter.  There is a Cisco ASA in front and all the protocols are passing through there ok.
Post #: 1
RE: Unable to publish a L2TP/IPSec server - 11.Oct.2007 11:17:07 AM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
You'll need to stop and disable the 'IPSec Policy Agent' service on the ISA server if you plan on publishing an L2TP VPN server internally. This is a different requirement from PPTP since IPSec is always running on Win2000/2003, vice PPTP which only listens when VPN functionality is enabled on the ISA server.

(in reply to wh_tech)
Post #: 2
RE: Unable to publish a L2TP/IPSec server - 11.Oct.2007 11:22:41 AM   
wh_tech

 

Posts: 5
Joined: 3.Oct.2007
Status: offline
Would this still be true if the ISA Server is the VPN server?

(in reply to ClintD)
Post #: 3
RE: Unable to publish a L2TP/IPSec server - 11.Oct.2007 11:31:20 AM   
Rotorblade

 

Posts: 963
Joined: 27.Feb.2007
Status: offline
quote:


ClintD

You'll need to stop and disable the 'IPSec Policy Agent' service on the ISA server if you plan on publishing an L2TP VPN server internally. This is a different requirement from PPTP since IPSec is always running on Win2000/2003, vice PPTP which only listens when VPN functionality is enabled on the ISA server.


Here is the KB for doing so - > Configure the VPN Server, you must disable the automatic L2TP over IPSec policy, as described in article 310109, "HOW TO: Disable the Automatic L2TP/IPSec Policy" (http://go.microsoft.com/fwlink/?LinkId=28086), in the Microsoft Knowledge Base. Disabling the automatic L2TP over IPSec policy will require that you add a registry key to the VPN server and all clients.


What about IKE?

Do you have two server publishing rules configured - NAT-T and IKE?

The article below is for ISA 2004 but should be the same for ISA 2006.

http://www.microsoft.com/technet/isa/2004/plan/publishingVPNservers.mspx

HTH

RB

(in reply to wh_tech)
Post #: 4
RE: Unable to publish a L2TP/IPSec server - 11.Oct.2007 6:14:28 PM   
Rotorblade

 

Posts: 963
Joined: 27.Feb.2007
Status: offline
quote:


Would this still be true if the ISA Server is the VPN server?


That's a problem and would explain why you are receiving the socket binding error!

Why are you trying to publish the server if it's already running as a VPN server?

RB

(in reply to wh_tech)
Post #: 5
RE: Unable to publish a L2TP/IPSec server - 22.Oct.2007 3:04:50 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
quote:

Here is the KB for doing so - > Configure the VPN Server, you must disable the automatic L2TP over IPSec policy, as described in article 310109, "HOW TO: Disable the Automatic L2TP/IPSec Policy"


That's incorrect. That registry key only disables the 'injection' of L2TP specific filters (UDP 1701) into IPSec - but it doesn't prevent IPSec from listening on port 500.

(in reply to Rotorblade)
Post #: 6
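
The bind failure discussed in this thread can be checked directly with a small probe. This is an added example, not code from any post in the thread: it tries to bind UDP 500 and 4500 on a given address, as the two publishing rules do, and reports whether another listener already holds them. The function names and the loopback demonstration are constructed for illustration.

```python
import errno
import socket

# UDP ports named in the two failing publishing rules: IKE (500), NAT-T (4500).
IKE_PORTS = (500, 4500)


def probe_udp_bind(address, ports=IKE_PORTS):
    """Try to bind each UDP port on `address`, as a publishing rule would.

    Returns {port: "free" | "in use" | "denied" | "error <n>"}.
    "denied" means insufficient privilege for a low port on Unix; on
    Windows it can also mean another socket holds the port exclusively.
    """
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.bind((address, port))
            results[port] = "free"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                results[port] = "in use"
            elif exc.errno in (errno.EACCES, errno.EPERM):
                results[port] = "denied"
            else:
                results[port] = "error %s" % exc.errno
        finally:
            sock.close()
    return results


def demo():
    """Constructed stand-in for the conflict: hold a UDP port, then probe it."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    holder.bind(("127.0.0.1", 0))          # OS picks a free port
    port = holder.getsockname()[1]
    try:
        held = probe_udp_bind("127.0.0.1", (port,))[port]
    finally:
        holder.close()
    released = probe_udp_bind("127.0.0.1", (port,))[port]
    return held, released


if __name__ == "__main__":
    print(demo())                           # conflict, then free after release
    print(probe_udp_bind("0.0.0.0"))        # state of UDP 500/4500 on this host
```

Run on the firewall host with the external adapter's address in place of `0.0.0.0`; a result other than "free" for 500 or 4500 means a local service already owns the port the rule is trying to bind.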
