Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

L2TP error 791 connecting from outside 3

Status
Not open for further replies.
pfriedma

pfriedma

IS-IT--Management
Sep 29, 2003
2
US
We're trying to use L2TP/IPSec to get remote access for our users (it's more compatible with firewalls than PPTP seems to be), and are running to a bit of trouble connecting.

Our setup:
Win2003 server with RRAS configured to listen for L2TP connections (using SharedKey instead of certificates).

WinXP clients with L2TP and the secret configured in their VPN connector.

Firewall is a Linksys forwarding ports 500, 1701, 4500 (both TCP+UDP)

The VPN connection works fine when the client is on the lan, but when it's outside the firewall I get "Error 791: The L2TP connection attempt failed because security policy for the connection was not found".

From the logs, I can see that the IPSec tunnel is being created fine (the IKE works, etc.)

Anyone out there seen this before? (or have an idea which security policy is missing?)

Thanks greatly in advance.

---Paul
 
Sort by date Sort by votes
I'm having this same problem, did you ever find a solution for it?
 
Upvote 0 Downvote
The security policy that is missing is normally created automatically by RRAS and registered with Policy agent when the connection is negotiated. You can't manually create it, change it or even see it through normal channels.

Error could suggest that Policy agent is not running, or started after RRAS for some reason. Policy agent must start first.
 
Upvote 0 Downvote
From working through this with MS, it appears that the problem is with my router's NAT functionality. Using L2TP requires NAT-T (translation) functionality which mine doesn't support.

Ah, well... buying a new router today.

---Paul
 
Upvote 0 Downvote
Just solved this problem on a similar setup. The problem (in my case) is that the 2000/XP-machines are not able to do the ipsec/l2tp-connection because either end is being NAT'ed. The solution is to download a patch from microsoft.

The KB article discussing the patch is on
Installed it on the XP/2000-clients and it works like a charm.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

RogerRuntings
  • Locked
  • Question
VPN at Head Office to allow agents working from home to communicate (VOIP) with an external dialer
Replies
3
Views
881
iggsterman
iggsterman
lecarbajal
  • Locked
  • Question
Policy NAT for traffic coming from VPN L2L
Replies
0
Views
138
lecarbajal
lecarbajal
vcandy
  • Locked
  • Question
L2TP VPN and Vista
Replies
3
Views
91
vcandy
vcandy
sunil2suss
  • Locked
  • Question
Can't connect to Sonicwall VPN gateway from my office 1
Replies
3
Views
172
Noway2
Noway2
bendecko
  • Locked
  • Question
Windows 7 pptp client connecting Win 2K3 server cannot access internet
Replies
0
Views
93
bendecko
bendecko

Part and Inventory Search

Sponsor

Back
Top