Upgraded from ISA to TMG Now L2TP/IPSec Client VPNs Unable to Connect Consistently

  • Question

  • We've been trying to upgrade from ISA 2006 (running on Server 2003 Std) to TMG 2010 SP1 (running on 2008 R2 Std) without much success.  All publishing, routing, etc. works fine except for client VPN access.  Specifically L2TP/IPSec clients.  PPTP works fine every time.  When attempting to connect using L2TP/IPSec, we receive Error: 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".  The kicker is, however, it's not consistent.  Sometimes the client connects, sometimes it does not.  Sometimes we can connect, disconnect, and reconnect twice within several minutes without issue.  Other times, we can't connect even once.  After some random amount of time we may be able to connect again.  If we connect to TMG using PPTP it will work fine every time.  If we put our original ISA box back in service, the L2TP/IPSec VPNs will work again every time. 

    We've tried to address this by rebuilding the box from scratch, configuring the rules and objects from scratch (assuming there may be a problem with corrupt objects in the config file exported from ISA), and configuring the NAT-T reg hack (KB926179).  Still no luck.  The config is the same between boxes.  Is there something different with how Server 2008R2 and/or TMG handles IPSec?  Is this even a TMG problem or a problem w/RRAS on 2008? 

    Any help anyone can offer is greatly appreciated!

    Tuesday, September 28, 2010 16:04

Answers

  • There have been some issues with VPN but I have not heard of any since SP1 was made available plus the Software update for FTMG SP1.

    As no other responses have been received and the call was opened back in September, I'll close it out.

    Keith


    Keith Alabaster - MVP/Forum Moderator
    Sunday, December 19, 2010 16:28
    Moderator

All replies

  • Hi,
    I have the same problem.
    With L2TP and cert the VPN sometimes goes on and sometimes it doesn't go.
    With L2TP with preshared key or PPTP the VPN goes on without problem.
    I also have TMG SP1 and W2008R2. I use a cert from our internal CA and the cert is installed correctly on the server and our clients.
    Can you help us? Thanks a lot.
    Paolo
    Sunday, January 9, 2011 23:28