On Mon, 11 Aug 2008, Billy F. Glover wrote:

Is there somebody that can give me an example of a working L2TP/IPSEC VPN connection using MT as the server and XP / Vista as the client?

Client (10.10.10.1/24) ---- > router (local 10.10.10.254 / public 70.243.x.x) ---- > router (public 70.199.x.x / local 10.10.11.1) ---- > Server

If you are having trouble getting the IPSEC tunnel to establish, there are just a couple of reasons that are likely to be responsible:

1. You are trying to NAT the client side and/or server side of the IPSEC tunnel. This USUALLY does not work.

2. You have a configuration problem.

The solution to the first possible (and most probable) cause is to run your IPSEC tunnel between the two PUBLIC routers, then the L2TP tunnel will work between the private addresses. Alternatively, depending on what kind of routers you have with the public IP addresses, you can build an IP-IP tunnel between the 10.10.10.0/24 and 10.10.11.0/24 networks. Then run your IPSEC/L2TP connection without the NAT being in the way.

If the second issue is your problem, then you'd have to post some configs of both devices.

Using PPTP this works just as I would expect. Using L2TP / IPSEC it never links. From the looks of it IPSEC never forms a stable link. L2TP client in XP then times out. I've tried this using PSK's and with Certs. Any help would be great.

The fact that the PPTP works and IPSEC does not makes it pretty likely that the first issue above is what is causing your issue. If the router you are using supports NAT-T ("NAT traversal for IPSEC"), then you should be able to run IPSEC from the client PC to the public IP of the other router. NAT-T does NOT allow for (or fix) connections between 2 NAT IPs.

--
********************************************************************
*Butch Evans                    *Professional Network Consultation *
*Network Engineering            *MikroTik RouterOS                 *
*573-276-2879                   *ImageStream                       *
*http://www.butchevans.com/     *StarOS and MORE                   *
*http://blog.butchevans.com/    *Wired or wireless Networks        *
*Mikrotik Certified Consultant  *Professional Technical Trainer    *
********************************************************************
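As an added illustration of the NAT-detection step that NAT-T relies on (this is example code written for this page, not code from the thread, from MikroTik, or from Microsoft), the following Python implements the RFC 3947 NAT-D payload check that IKE phase 1 performs and runs it over the three topologies discussed above: the poster's double-NAT layout, IPsec terminated on the two public routers, and a client-only NAT. The ISAKMP cookies and the public addresses (203.0.113.10 standing in for the masked 70.243.x.x, 198.51.100.20 for 70.199.x.x) are constructed placeholders, and the NAT is assumed to leave the source port at 500.

```python
import hashlib
import ipaddress
import struct

# Constructed ISAKMP cookies (8 bytes each); real ones are random per negotiation.
CKY_I = bytes.fromhex("0011223344556677")
CKY_R = bytes.fromhex("8899aabbccddeeff")

# Hypothetical stand-ins for the addresses in the thread's diagram.
CLIENT_PRIV = ("10.10.10.1", 500)      # XP/Vista client on its LAN
CLIENT_NAT = ("203.0.113.10", 500)     # placeholder for the 70.243.x.x router
SERVER_NAT = ("198.51.100.20", 500)    # placeholder for the 70.199.x.x router
SERVER_PRIV = ("10.10.11.1", 500)      # MikroTik L2TP/IPsec server on its LAN


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int, algo: str = "sha1") -> bytes:
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port).

    IP is the 4-byte IPv4 address and Port is 2 bytes, both network byte order.
    The hash is whichever one phase 1 negotiated; SHA-1 is used here by default.
    """
    h = hashlib.new(algo)
    h.update(cky_i + cky_r + ipaddress.IPv4Address(ip).packed + struct.pack("!H", port))
    return h.digest()


def detect_nat(cky_i, cky_r, initiator_local, initiator_view_of_responder,
               responder_observed_src, responder_local, algo="sha1"):
    """Responder-side NAT-D comparison. Every endpoint is an (ip, port) tuple.

    The initiator sends two NAT-D payloads: a hash of the address it believes it
    is talking to, and a hash of its own address as it sees it. The responder
    recomputes both from what it actually observes on the wire. A mismatch on
    the source hash means the initiator sits behind a NAT; a mismatch on the
    destination hash means the responder itself sits behind a NAT.
    Returns (initiator_behind_nat, responder_behind_nat).
    """
    sent_src = nat_d_hash(cky_i, cky_r, *initiator_local, algo=algo)
    sent_dst = nat_d_hash(cky_i, cky_r, *initiator_view_of_responder, algo=algo)
    seen_src = nat_d_hash(cky_i, cky_r, *responder_observed_src, algo=algo)
    own_addr = nat_d_hash(cky_i, cky_r, *responder_local, algo=algo)
    return (sent_src != seen_src, sent_dst != own_addr)


def scenario_double_nat():
    """The poster's topology: client NATed by one router, server NATed by the other."""
    return detect_nat(CKY_I, CKY_R, CLIENT_PRIV, SERVER_NAT, CLIENT_NAT, SERVER_PRIV)


def scenario_public_routers():
    """The suggested fix: IPsec terminated on the two public routers, L2TP inside it."""
    return detect_nat(CKY_I, CKY_R, CLIENT_NAT, SERVER_NAT, CLIENT_NAT, SERVER_NAT)


def scenario_client_nat_only():
    """What NAT-T is designed for: only the initiator is behind a NAT."""
    return detect_nat(CKY_I, CKY_R, CLIENT_PRIV, SERVER_NAT, CLIENT_NAT, SERVER_NAT)


def describe(result) -> str:
    """Turn a detect_nat() result into the phase 1 outcome a practitioner cares about."""
    init_nat, resp_nat = result
    if init_nat and resp_nat:
        return "both peers behind NAT: NAT-T alone will not save this"
    if init_nat or resp_nat:
        return "one peer behind NAT: float to UDP/4500 and UDP-encapsulate ESP"
    return "no NAT in path: plain ESP on the public addresses"


if __name__ == "__main__":
    for name, fn in (("double NAT", scenario_double_nat),
                     ("public routers", scenario_public_routers),
                     ("client NAT only", scenario_client_nat_only)):
        print(f"{name:16s} {fn()}  {describe(fn())}")
```

The check is only as good as the addresses the NAT presents: if the client-side NAT rewrites the source port as well as the address, the source hash still mismatches, so detection holds, but the responder then has to accept the rewritten port, which is why both peers move to UDP/4500 once a NAT is flagged. Seeing `(True, True)` in a capture of the poster's setup is exactly the symptom described above: phase 1 detects a NAT on both sides and the L2TP client times out waiting for an SA that never stabilises.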
