07-08-2020 07:33 AM
We are rolling out a Microsoft 2016 VPN Server to replace our Cisco AnyConnect (various reasons why).
The issue we are hitting is that PPTP and SSTP VPNs connect with no issue, but we want to use L2TP, which isn't hitting the server.
We believe the ASA is having trouble with passing ESP.
The 2016 VPN is sitting on a DMZ interface behind the ASA. For testing I have forwarded all traffic on a secondary public IP to the server until I have it fully working and then I will restrict ports.
Is there a reason the L2TP isn't connecting but PPTP is?
07-08-2020 12:05 PM
Are you doing NAT or PAT for the public IP? What ports have you allowed to the Microsoft server? Are you allowing protocol 50, UDP 1701, UDP 500 and/or UDP 4500 in the access rules (I am assuming you are using IPSec)?
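Worked example (added here, not configuration posted in the thread): what the access rules and NAT the reply above asks about look like on an ASA running 8.3 or later code. The DMZ address 192.0.2.10, the secondary public IP 198.51.100.20, the interface names and the object/ACL names are all placeholders.

```cisco
! Assumed: VPN server is 192.0.2.10 on interface "dmz",
! secondary public IP is 198.51.100.20 on interface "outside".
object network vpn-server
 host 192.0.2.10
 ! One-to-one static NAT. ESP (protocol 50) has no ports, so a static
 ! translation passes it; a PAT (port overload) translation cannot.
 nat (dmz,outside) static 198.51.100.20

! Inbound rules for L2TP/IPsec only (the "any" rule used for testing
! would be replaced by these once the tunnel is working).
access-list outside_access_in extended permit udp any object vpn-server eq isakmp
access-list outside_access_in extended permit udp any object vpn-server eq 4500
access-list outside_access_in extended permit udp any object vpn-server eq 1701
access-list outside_access_in extended permit esp any object vpn-server
access-group outside_access_in in interface outside

! Verify from the CLI that IKE (UDP 500) and raw ESP from a placeholder
! client 203.0.113.5 are allowed and translated to the DMZ host.
packet-tracer input outside udp 203.0.113.5 500 198.51.100.20 500
packet-tracer input outside rawip 203.0.113.5 50 198.51.100.20
```

Note on the ESP rule: because the server sits behind NAT, an L2TP/IPsec client detects the translation during IKE and switches to NAT-T, carrying ESP inside UDP 4500. Raw protocol 50 is only seen when there is no NAT between client and server, so UDP 500 and 4500 are the rules that matter most in this layout, and the `packet-tracer` output shows which phase (NAT or ACL) is dropping a packet if one of them is wrong.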
07-09-2020 02:39 AM
I have a NAT rule for any ports and a firewall rule for any ports while testing.
PPTP and SSTP VPNs both work in tests but L2TP doesn't. Nothing even logs on the 2016 server for this.
07-09-2020 01:31 PM
Could you post the configuration you are using for NAT and access rules? Remember to remove any public IPs.