L2TP/IPsec VPN on DFL-2500 configuration help

Status
Not open for further replies.

mackop

IS-IT--Management
Jul 31, 2009
1
SK
I have spent 2 days configuring an L2TP/IPsec VPN for roaming clients on a D-Link DFL-2500 firewall. The firewall keeps DROPping IPsec packets; please find the log at the end of the post. What am I missing?

I have followed the manual on pages 234 and 261:
ftp://ftp.dlink.co.uk/dfl_firewall/dfl-2500/NetDefendOS_220_Firewall_User_Manual_v1.06.pdf

and another manual, where I ignored certificates because I am using pre-shared keys:
ftp://ftp.dlink.co.uk/dfl_firewall/dfl-800/DFL-800_1600_2500-VPNwithCertification.pdf

Before this, I successfully configured a PPTP VPN following:
ftp://ftp.dlink.co.uk/dfl_firewall/dfl-800/DFL-800_1600_2500-VPN_PPTP_Server_for_remote_access.pdf

Please help me find out what I am missing with L2TP/IPsec.
Thank you,
Peter

Log:
2009-07-31 10:32:38 Warning RULE 06000051 Default_Access_Rule UDP l2tp_ipsec 190.190.190.111 190.190.190.15 1701 1701 ruleset_drop_packet drop rev=1 ipdatalen=107 udptotlen=107

2009-07-31 10:32:37 Warning RULE 06000051 Default_Access_Rule UDP l2tp_ipsec 190.190.190.111 190.190.190.15 1701 1701 ruleset_drop_packet drop rev=1 ipdatalen=107 udptotlen=107

2009-07-31 10:32:37 Warning RULE 06000051 Default_Access_Rule UDP l2tp_ipsec 190.190.190.111 190.190.190.15 1701 1701 ruleset_drop_packet drop rev=1 ipdatalen=107 udptotlen=107

2009-07-31 10:32:37 Info CONN 00600001 IPsecBeforeRules ESP wan1 core 190.190.190.111 190.190.190.15 conn_open rev=1 conn=open connsrcid=0 conndestid=0

2009-07-31 10:32:37 Info IPSEC 01803021 ipsec_sa_statistics rev=1 done=13 success=13 failed=0

2009-07-31 10:32:37 Info IPSEC 01802045 ipsec_sa_lifetime rev=1 kb=250000 sec=3600

2009-07-31 10:32:37 Info IPSEC 01800102 ipsec_event rev=1 message=""

2009-07-31 10:32:37 Info IPSEC 01802043 ipsec_sa_informal rev=1 spiin=2512160560 spiout=549791857 alg=3des-cbc keysize= mac=hmac-md5-96

2009-07-31 10:32:37 Info IPSEC 01802058 ipsec_sa_informal rev=1 local_id=190.190.190.15 udp:1701 remote_id=190.190.190.111

2009-07-31 10:32:37 Info IPSEC 01802704 ike_sa_negotiation_completed ike_sa_completed rev=1 local_peer="190.190.190.15 ID 190.190.190.15" remote_peer="190.190.190.111 ID 190.190.190.111" int_severity=6

2009-07-31 10:32:37 Info IPSEC 01802040 ipsec_sa_negotiation_completed ipsec_sa_enabled rev=1 sa=Responder info=

2009-07-31 10:32:37 Info IPSEC 01802703 ike_sa_negotiation_completed ike_sa_completed rev=1 local_peer="190.190.190.15 ID 190.190.190.15" remote_peer="190.190.190.111 ID 190.190.190.111" spis="Initiator SPI bb9e51a3 68122d4e Re

2009-07-31 10:32:37 Info IPSEC 01802024 ike_sa_negotiation_completed rev=1 options=Responder mode=Main Mode auth=Pre-shared keys encryption=3des-cbc keysize= hash=sha1 dhgroup=2 bits=1024 lifetime=28800

2009-07-31 10:32:37 Info IPSEC 01800102 ipsec_event rev=1 message=""
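
The sequence in the log above, checked mechanically (an added example, not part of the original post and not D-Link tooling): it parses records joined to one line each, puts them in chronological order, and counts UDP/1701 drops logged after the same peer's ESP `conn_open`. The function names and the column meanings (first RULE column as the rule name, third as the receiving interface) are assumptions.

```python
import re

HEAD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\w+) (\d{8}) (.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Six records from the post's log, one line each, newest first as in the post.
SAMPLE = """\
2009-07-31 10:32:38 Warning RULE 06000051 Default_Access_Rule UDP l2tp_ipsec 190.190.190.111 190.190.190.15 1701 1701 ruleset_drop_packet drop rev=1 ipdatalen=107 udptotlen=107
2009-07-31 10:32:37 Warning RULE 06000051 Default_Access_Rule UDP l2tp_ipsec 190.190.190.111 190.190.190.15 1701 1701 ruleset_drop_packet drop rev=1 ipdatalen=107 udptotlen=107
2009-07-31 10:32:37 Warning RULE 06000051 Default_Access_Rule UDP l2tp_ipsec 190.190.190.111 190.190.190.15 1701 1701 ruleset_drop_packet drop rev=1 ipdatalen=107 udptotlen=107
2009-07-31 10:32:37 Info CONN 00600001 IPsecBeforeRules ESP wan1 core 190.190.190.111 190.190.190.15 conn_open rev=1 conn=open connsrcid=0 conndestid=0
2009-07-31 10:32:37 Info IPSEC 01802040 ipsec_sa_negotiation_completed ipsec_sa_enabled rev=1 sa=Responder info=
2009-07-31 10:32:37 Info IPSEC 01802024 ike_sa_negotiation_completed rev=1 options=Responder mode=Main Mode auth=Pre-shared keys encryption=3des-cbc keysize= hash=sha1 dhgroup=2 bits=1024 lifetime=28800
""".splitlines()

def parse(line):
    """Split one record into timestamp, category and the columns before rev=."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    ts, _sev, cat, _ident, rest = m.groups()
    cols = rest.partition("rev=")[0].split()
    return {"ts": ts, "cat": cat, "cols": cols, "ips": [c for c in cols if IPV4.match(c)]}

def drops_after_tunnel(lines, newest_first=True, port="1701"):
    """Per peer: count UDP/<port> drops logged after that peer's ESP connection opened."""
    recs = [r for r in map(parse, lines) if r]
    if newest_first:
        recs.reverse()  # so records sharing a second end up oldest first
    recs.sort(key=lambda r: r["ts"])  # stable: keeps that order within one second
    # IKE/IPsec SA records carry no peer address in their positional columns: global flags.
    state = {"ike": False, "ipsec_sa": False}
    esp_open, report = set(), {}
    for r in recs:
        cols, ips = r["cols"], r["ips"]
        if r["cat"] == "IPSEC":
            state["ike"] |= cols[:1] == ["ike_sa_negotiation_completed"]
            state["ipsec_sa"] |= cols[:1] == ["ipsec_sa_negotiation_completed"]
        elif r["cat"] == "CONN" and {"ESP", "conn_open"} <= set(cols) and ips:
            esp_open.add(ips[0])  # first address is the source
        elif (r["cat"] == "RULE" and {"UDP", "drop", port} <= set(cols)
              and ips and ips[0] in esp_open):
            # Assumed columns: cols[0] = rule name, cols[2] = receiving interface.
            hit = report.setdefault(ips[0], {"drops": 0, "rule": cols[0],
                                             "iface": cols[2], **state})
            hit["drops"] += 1
    return report

print(drops_after_tunnel(SAMPLE))
```

On these records it reports three drops for 190.190.190.111 under `Default_Access_Rule` on `l2tp_ipsec`, all after IKE, the IPsec SA and the ESP connection were logged as up. Passing `newest_first=False` to the same input miscounts, because the same-second drops then sort ahead of the ESP `conn_open`.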
 