But PPTP can. Who said anything about IPSec? -----Original Message----- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 12:23 PM To: Exchange Discussions Subject: RE: VPN issue...
IPsec cannot be used through a router that NAT's the packets. The NAT'ing hoses things on the packet. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 Defeat is a state of mind. No one is ever defeated until defeat has been accepted as a reality. To me, defeat in anything is merely temporary, and its punishment is but an urge for me to greater effort to achieve my goal. Defeat simply tells me that something is wrong in my doing; it is a path leading to success and truth. --Bruce Lee -----Original Message----- From: Muqeem Syed [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 22, 2002 6:11 PM To: Exchange Discussions Subject: VPN issue... Hi All, Please check this out... we have a pix firewall in our office with a frame-relay connection... at the branch office we are connected Via an ADSL Lucent Cell pipe router... All the configurations on the router were done by the service provider.... and he informed us to use the default gateway of 192.168.0.10 for our LAN there... now the problem is that we cannot establish a PPTP connection between the firewall and the Win 2K clients thru the ADSL and the LAN ... but when we use dial up coonections and use the services of the same ISP... we can establish the VPN connection... At the firewall end I can see that the client gets connected for some time.. and then is disconnected... on the client side I see the dialg that the machine is trying to connect to the remote host.. then says.. verifying username and password and then after some time I get the error that says... The L2TP connection attempt failed becasue the security layer encountered a processing error during initial negotiations with the remote computer.... Actually this LAN is being set up by a Novice.. but very Enthusiast .. Sys Admin .. from our branch office.. and so far he had been telling me that the remote client only attempts to connect to the firewall... he gets the verifying username and password screen and then it tels him that the username and the password is bad... .. till I had to force him to allow me to use PCANywhere and dial into one of the clients... and check myself what was happening from that end.. when I noticed this... I feel that this has to do with ... the Win 2000 domain security... I feel that he has set up the domain and all the machines there on the network to be forced to use IPSec and since the IPSec policy is being applied to the LAN cards... but not to the dial up modem interfaces.. I am getting the error mentioned.... But if you guys can help me with this.,... please do.. I get the error 789 on the Win 2K server.. where in I set up the machine for PPTP with secure connection as an option.. since the firewall has been set up at the moment to allow PPTP connections.... I have myself treid it out on a ADSL connection .. but from a different Service provider and it appears to work fine... CAN it be a NAT issue... but logically again.. I feel it is not.. since I have configured for a WIndows RRAS server... on a LAN with an ADSL connection and have succesfully established a VPN conneciton from all the clients ... .. so I feel that the NATtting is not an issue here... unless this ISP is blocking some ports.. Can some one please throw more light on this Regards _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
