RRAS ipsec vpn

  • Question

  • I have successfully connected using Server 2003 and IPsec locally, but I couldn't connect from outside my LAN; it generates error 789.

    My server is behind NAT, and I use a CDMA 1x internet connection for my client, which also uses a private IP with a different subnet mask from my server.

    Any suggestion or help is welcome.

    Wednesday, March 14, 2012 9:03 AM

Answers

  • Hi,

    Thanks for your post.

    It’s a generic error when IPsec negotiation fails for L2TP/IPsec connections. The following are the possible causes for this issue:

    1. The L2TP-based VPN client (or VPN server) is behind NAT. We need to configure NAT-Traversal for the VPN connection.

    The default behavior of IPsec NAT traversal (NAT-T) is changed in Windows XP Service Pack 2
    http://support.microsoft.com/kb/885407

    How to configure an L2TP/IPsec server behind a NAT-T device in Windows Vista and in Windows Server 2008
    http://support.microsoft.com/kb/926179

    2. Port blocking in firewalls. We need to allow incoming and outgoing traffic on UDP 500 and 1701. For NAT-T, we need UDP port 4500 as well.

    3. Wrong certificate or pre-shared key is set on the VPN server or client.

    4. Computer certificate or trusted root machine certificate is not present on the VPN server.


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by Aiden_Cao Thursday, March 22, 2012 1:23 AM
    Thursday, March 15, 2012 5:50 AM
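
A check for cause 2 in the answer above, as an added example that is not part of the original thread: it evaluates a firewall rule list first-match and reports which of the UDP ports named in the answer (500, 1701, plus 4500 when NAT-T applies) are still blocked in either direction. The `Rule` format, the function names and the sample rules are assumptions constructed for illustration, not the output of any real firewall.

```python
# Added example: audit a firewall rule list for the UDP ports named in the answer.
# The rule format and the sample rules are constructed for illustration.
from dataclasses import dataclass

BASE_PORTS = (500, 1701)   # UDP ports the answer says must be allowed
NAT_T_PORT = 4500          # additionally needed when NAT-T is in use


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    proto: str       # "udp", "tcp" or "any"
    lo: int          # first port of the range
    hi: int          # last port of the range (inclusive)


def verdict(rules, direction, port, default="deny"):
    """First-match evaluation of one UDP port in one direction."""
    for r in rules:
        if (r.direction == direction and r.proto in ("udp", "any")
                and r.lo <= port <= r.hi):
            return r.action
    return default   # nothing matched: fall back to the default policy


def blocked_ports(rules, behind_nat):
    """Return sorted (direction, port) pairs L2TP/IPsec needs but the rules block."""
    needed = BASE_PORTS + ((NAT_T_PORT,) if behind_nat else ())
    return sorted((d, p) for d in ("in", "out") for p in needed
                  if verdict(rules, d, p) != "allow")


# Constructed sample rule set: inbound 500 was opened for TCP by mistake,
# inbound 4500 was never opened, and an outbound deny range shadows 4500.
SAMPLE_RULES = [
    Rule("allow", "in", "tcp", 500, 500),
    Rule("allow", "in", "udp", 1701, 1701),
    Rule("deny", "out", "udp", 4000, 5000),
    Rule("allow", "out", "any", 1, 65535),
]

if __name__ == "__main__":
    for direction, port in blocked_ports(SAMPLE_RULES, behind_nat=True):
        print(f"UDP {port} is not allowed {direction}bound")
```

A TCP-only rule on port 500 and a broad allow placed after a narrower deny are the two mistakes this catches that a quick read of the rule list tends to miss.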