06-09-2002 06:46 PM - edited 02-21-2020 11:47 AM
Hi,
I am attempting to configure L2TP/IPSec between Windows 2000 and
Concentrator 3030. When I tried to make a connection from PC
client to the Concentrator, I found the following message in the Concentrator.
Does that mean I need to turn on AH in Concentrator?
I am sure that I have turned off Authentication in the Base Group and
the User inherited this.
1 06/09/2002 19:38:13.090 SEV=7 IKEDBG/0 RPT=2327 172.20.116.69
Oakley proposal is acceptable
2 06/09/2002 19:38:13.090 SEV=7 IKEDBG/28 RPT=315 172.20.116.69
IKE SA Proposal # 1, Transform # 3 acceptable
Matches global IKE entry # 2
3 06/09/2002 19:38:13.410 SEV=7 IKEDBG/0 RPT=2328 172.20.116.69
Group [VPNC_Base_Group]
Found Phase 1 Group (VPNC_Base_Group)
4 06/09/2002 19:38:13.430 SEV=5 IKE/79 RPT=39 172.20.116.69
Group [VPNC_Base_Group]
Validation of certificate successful
(CN=l2tp_ipsec, SN=7BE22559000600000393)
6 06/09/2002 19:38:13.430 SEV=7 IKEDBG/0 RPT=2329 172.20.116.69
Group [VPNC_Base_Group]
peer ID type 9 received (DER_ASN1_DN)
7 06/09/2002 19:38:13.450 SEV=4 IKE/119 RPT=268 172.20.116.69
Group [VPNC_Base_Group]
PHASE 1 COMPLETED
8 06/09/2002 19:38:13.450 SEV=6 IKE/121 RPT=268 172.20.116.69
Keep-alive type for this connection: None
9 06/09/2002 19:38:13.450 SEV=6 IKE/122 RPT=39 172.20.116.69
Keep-alives configured on but peer does not support keep-alives (type = None)
10 06/09/2002 19:38:13.450 SEV=7 IKEDBG/0 RPT=2330 172.20.116.69
Group [VPNC_Base_Group]
Starting phase 1 rekey timer: 21600000 (ms)
11 06/09/2002 19:38:13.500 SEV=5 IKE/25 RPT=145 172.20.116.69
Group [VPNC_Base_Group]
Received remote Proxy Host data in ID Payload:
Address 172.20.116.69, Protocol 17, Port 1701
14 06/09/2002 19:38:13.500 SEV=5 IKE/24 RPT=145 172.20.116.69
Group [VPNC_Base_Group]
Received local Proxy Host data in ID Payload:
Address 172.20.106.104, Protocol 17, Port 0
17 06/09/2002 19:38:13.500 SEV=5 IKE/66 RPT=247 172.20.116.69
Group [VPNC_Base_Group]
IKE Remote Peer configured for SA: ESP-L2TP-TRANSPORT
18 06/09/2002 19:38:13.500 SEV=5 IKEDBG/0 RPT=2331
AH proposal not supported
19 06/09/2002 19:38:13.500 SEV=4 IKE/0 RPT=314 172.20.116.69
Group [VPNC_Base_Group]
All IPSec SA proposals found unacceptable!
20 06/09/2002 19:38:13.500 SEV=4 IKEDBG/0 RPT=2332
QM FSM error (P2 struct &0x3eacff8, mess id 0x3186b058)!
21 06/09/2002 19:38:13.500 SEV=4 IKEDBG/0 RPT=2333
QM FSM history (P2 struct &0x3eacff8):
[13, 52], [3, 32], [3, 44], [3, 31]
22 06/09/2002 19:38:13.500 SEV=6 IKE/0 RPT=315 172.20.116.69
Group [VPNC_Base_Group]
Removing peer from correlator table failed, no match!
Thanks,
Madeleine
06-10-2002 10:34 AM
I have fixed the above problem.
But now my question is: why on the VPN3005 Concentrator shows L2TP connections? If I uncheck L2TP option, and leave the L2TP over IPSec on, then VPN3005 would be getting "Tunneling protocol not allowed."
How to make VPN3005 display L2TP over IPSec?
Thanks,
Madeleine
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide