Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
1
Replies

L2TP over IPSec setup with Concentrator and Windows 2000

mlamone
Cisco Employee
Cisco Employee

‎06-09-2002 06:46 PM - edited ‎02-21-2020 11:47 AM

Hi,

I am attempting to configure L2TP/IPSec between Windows 2000 and

Concentrator 3030. When I tried to make a connection from PC

client to the Concentrator, I found the following message in the Concentrator.

Does that mean I need to turn on AH in Concentrator?

I am sure that I have turned off Authentication in the Base Group and

the User inherited this.

1 06/09/2002 19:38:13.090 SEV=7 IKEDBG/0 RPT=2327 172.20.116.69

Oakley proposal is acceptable

2 06/09/2002 19:38:13.090 SEV=7 IKEDBG/28 RPT=315 172.20.116.69

IKE SA Proposal # 1, Transform # 3 acceptable

Matches global IKE entry # 2

3 06/09/2002 19:38:13.410 SEV=7 IKEDBG/0 RPT=2328 172.20.116.69

Group [VPNC_Base_Group]

Found Phase 1 Group (VPNC_Base_Group)

4 06/09/2002 19:38:13.430 SEV=5 IKE/79 RPT=39 172.20.116.69

Group [VPNC_Base_Group]

Validation of certificate successful

(CN=l2tp_ipsec, SN=7BE22559000600000393)

6 06/09/2002 19:38:13.430 SEV=7 IKEDBG/0 RPT=2329 172.20.116.69

Group [VPNC_Base_Group]

peer ID type 9 received (DER_ASN1_DN)

7 06/09/2002 19:38:13.450 SEV=4 IKE/119 RPT=268 172.20.116.69

Group [VPNC_Base_Group]

PHASE 1 COMPLETED

8 06/09/2002 19:38:13.450 SEV=6 IKE/121 RPT=268 172.20.116.69

Keep-alive type for this connection: None

9 06/09/2002 19:38:13.450 SEV=6 IKE/122 RPT=39 172.20.116.69

Keep-alives configured on but peer does not support keep-alives (type = None)

10 06/09/2002 19:38:13.450 SEV=7 IKEDBG/0 RPT=2330 172.20.116.69

Group [VPNC_Base_Group]

Starting phase 1 rekey timer: 21600000 (ms)

11 06/09/2002 19:38:13.500 SEV=5 IKE/25 RPT=145 172.20.116.69

Group [VPNC_Base_Group]

Received remote Proxy Host data in ID Payload:

Address 172.20.116.69, Protocol 17, Port 1701

14 06/09/2002 19:38:13.500 SEV=5 IKE/24 RPT=145 172.20.116.69

Group [VPNC_Base_Group]

Received local Proxy Host data in ID Payload:

Address 172.20.106.104, Protocol 17, Port 0

17 06/09/2002 19:38:13.500 SEV=5 IKE/66 RPT=247 172.20.116.69

Group [VPNC_Base_Group]

IKE Remote Peer configured for SA: ESP-L2TP-TRANSPORT

18 06/09/2002 19:38:13.500 SEV=5 IKEDBG/0 RPT=2331

AH proposal not supported

19 06/09/2002 19:38:13.500 SEV=4 IKE/0 RPT=314 172.20.116.69

Group [VPNC_Base_Group]

All IPSec SA proposals found unacceptable!

20 06/09/2002 19:38:13.500 SEV=4 IKEDBG/0 RPT=2332

QM FSM error (P2 struct &0x3eacff8, mess id 0x3186b058)!

21 06/09/2002 19:38:13.500 SEV=4 IKEDBG/0 RPT=2333

QM FSM history (P2 struct &0x3eacff8):

[13, 52], [3, 32], [3, 44], [3, 31]

22 06/09/2002 19:38:13.500 SEV=6 IKE/0 RPT=315 172.20.116.69

Group [VPNC_Base_Group]

Removing peer from correlator table failed, no match!

Thanks,

Madeleine

Labels:
0 Helpful
1 Reply 1

mlamone
Cisco Employee
Cisco Employee

‎06-10-2002 10:34 AM

I have fixed the above problem.

But now my question is: why on the VPN3005 Concentrator shows L2TP connections? If I uncheck L2TP option, and leave the L2TP over IPSec on, then VPN3005 would be getting "Tunneling protocol not allowed."

How to make VPN3005 display L2TP over IPSec?

Thanks,

Madeleine

0 Helpful
Customers Also Viewed These Support Documents