Microsoft 2016 Server VPN

sprocket10
Level 2

We are rolling out a Microsoft 2016 VPN Server to replace our Cisco AnyConnect (various reasons why).

The issue we are hitting is that PPTP and SSTP VPNs connect with no issue, but we want to use L2TP, which isn't hitting the server.

We believe the ASA is having trouble with passing ESP.

The 2016 VPN is sitting on a DMZ interface behind the ASA. For testing I have forwarded all traffic on a secondary public IP to the server until I have it fully working and then I will restrict ports.

Is there a reason the L2TP isn't connecting but PPTP is?

3 Replies

Are you doing NAT or PAT for the public IP? What ports have you allowed to the Microsoft server? Are you allowing protocol 50, UDP 1701, UDP 500 and/or UDP 4500 in the access rules (I am assuming you are using IPSec)?

--
Please remember to select a correct answer and rate helpful posts

I have a NAT rule for any ports and a firewall rule for any ports while testing.

PPTP and SSTP VPNs both work in tests but L2TP doesn't. Nothing even logs on the 2016 server for this.

Could you post the configuration you are using for NAT and access rules? Remember to remove any public IPs.

--
Please remember to select a correct answer and rate helpful posts