  1. #1
    Craggus2000

    ISA Server L2TP VPN troubles

    Hi everyone,

    Looking for some assistance please!
    I have an ISA 2006 server on which I have set up L2TP/IPsec VPN connections with PSK.
    Problem is, no clients are managing to connect; they get error 809. As far as I know all the relevant ports are open (maybe someone could list all the ports needed so I can confirm this? I've found varying lists while searching t'interweb.... )

    PPTP connections work fine.

    Here is the log from the ISA server with all relevant entries - can anyone shed some light pretty please?!

    Code:
    Original Client IP	Source Port	Client IP	Destination IP	Destination Port	Protocol	Transport	Source Network	Destination Network	Action	Log Time	GMT Log Time	Processing Time	Bytes Sent	Bytes Received	Result Code
    <user ip>	500	<user ip>	<server ip>	500	IKE Client	UDP	External	Local Host	Initiated Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0x0 ERROR_SUCCESS
    <user ip>	4500	<user ip>	<server ip>	4500	IPsec NAT-T Client	UDP	External	Local Host	Initiated Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0x0 ERROR_SUCCESS
    10.10.1.7	8	10.10.1.7	10.10.1.1	0	PING	ICMP	Local Host	Internal	Initiated Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0x0 ERROR_SUCCESS
    192.168.2.1	137	192.168.2.1	10.10.1.1	137	NetBios Name Service	UDP	Local Host	Internal	Denied Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
    192.168.2.1	137	192.168.2.1	10.10.1.1	137	NetBios Name Service	UDP	Local Host	Internal	Denied Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
    192.168.2.1	137	192.168.2.1	10.10.1.1	137	NetBios Name Service	UDP	Local Host	Internal	Denied Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
    192.168.2.1	56364	192.168.2.1	10.10.1.1	139	NetBios Session	TCP	Local Host	Internal	Denied Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
    192.168.2.1	56364	192.168.2.1	10.10.1.1	139	NetBios Session	TCP	Local Host	Internal	Denied Connection	04/06/2011 09:13	04/06/2011 08:13	0	0	0	0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
    192.168.2.1	56364	192.168.2.1	10.10.1.1	139	NetBios Session	TCP	Local Host	Internal	Denied Connection	04/06/2011 09:14	04/06/2011 08:14	0	0	0	0xc0040030 FWX_E_OUTBOUND_PATH_THROUGH_DROPPED
    10.10.1.7	56357	10.10.1.7	10.10.1.5	88	Kerberos-Sec (UDP)	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	326	1373	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	56358	10.10.1.7	10.10.1.5	88	Kerberos-Sec (UDP)	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	1346	1328	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	7612	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Initiated Connection	04/06/2011 09:14	04/06/2011 08:14	0	0	0	0x0 ERROR_SUCCESS
    10.10.1.7	36584	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	63	132	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	51767	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	56	125	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	44933	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	66	169	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	61848	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	59	162	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	46345	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	60	163	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	26630	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60000	64	167	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	47869	10.10.1.7	10.10.1.1	53	DNS	UDP	Local Host	Internal	Initiated Connection	04/06/2011 09:14	04/06/2011 08:14	0	0	0	0x0 ERROR_SUCCESS
    10.10.1.7	56373	10.10.1.7	10.10.1.1	389	LDAP (UDP)	UDP	Local Host	Internal	Initiated Connection	04/06/2011 09:14	04/06/2011 08:14	0	0	0	0x0 ERROR_SUCCESS
    10.10.1.1	65391	10.10.1.1	10.34.1.11	53	DNS	UDP	Internal	External	Initiated Connection	04/06/2011 09:14	04/06/2011 08:14	0	0	0	0x0 ERROR_SUCCESS
    10.10.1.1	63866	10.10.1.1	10.34.1.11	53	DNS	UDP	Internal	External	Initiated Connection	04/06/2011 09:14	04/06/2011 08:14	0	0	0	0x0 ERROR_SUCCESS
    10.10.1.7	8	10.10.1.7	10.10.1.1	0	PING	ICMP	Local Host	Internal	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	60734	60	60	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    <server ip>	56343	<server ip>	10.34.1.54	8084	Unidentified IP Traffic (TCP:8084)	TCP	Local Host	External	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	0	12336	4356	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    <server ip>	56345	<server ip>	10.34.1.54	8084	Unidentified IP Traffic (TCP:8084)	TCP	Local Host	External	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	0	14589	4748	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    <server ip>	56347	<server ip>	10.34.1.54	8084	Unidentified IP Traffic (TCP:8084)	TCP	Local Host	External	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	0	17461	4836	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    <server ip>	56336	<server ip>	10.34.1.54	8084	Unidentified IP Traffic (TCP:8084)	TCP	Local Host	External	Closed Connection	04/06/2011 09:14	04/06/2011 08:14	0	19729	10721	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	56342	10.10.1.7	10.10.1.7	8080	WPAD	TCP	Local Host	Local Host	Closed Connection	04/06/2011 09:15	04/06/2011 08:15	122000	12659	4589	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	56344	10.10.1.7	10.10.1.7	8080	WPAD	TCP	Local Host	Local Host	Closed Connection	04/06/2011 09:15	04/06/2011 08:15	122000	14952	4861	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    10.10.1.7	56346	10.10.1.7	10.10.1.7	8080	WPAD	TCP	Local Host	Local Host	Closed Connection	04/06/2011 09:15	04/06/2011 08:15	122000	17824	4829	0x80074e21 FWX_E_ABORTIVE_SHUTDOWN
    10.10.1.7	56335	10.10.1.7	10.10.1.7	8080	WPAD	TCP	Local Host	Local Host	Closed Connection	04/06/2011 09:15	04/06/2011 08:15	122000	20252	10674	0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
    Starting to tear my hair out now!

    Thanks very much in advance

  2. #2

    Hi Craggus,

    I will have a look to see what you have posted. Do you have dummy user details with which I could test, from my ISA 2006?

    Will PM you my details if that helps.

    andy

  3. #3

  4. #4

    From Microsoft in relation to error 809:

    809
    The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

  5. #5

    Can you get the error log from the client end as well?

  6. #6

    Last question - is the ISA server patched?

  7. #7

    Interested in an answer to this also.

    I've been trying to get L2TP working; laptops won't connect externally, however my Android phone will!!!

    Ports are 500 for IKE, 4500 for IPsec and 1701 for L2TP

    Have you tried to VPN from within your network to the internal ISA address just to prove that works?
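
An added example, not part of any post in this thread: a small parser for a tab-separated ISA firewall log in the column layout shown in post #1, reporting per client whether each of the ports listed in post #7 was allowed, denied, or never logged. The sample rows, the addresses and the function names are constructed for illustration.

```python
import csv
import io

# Ports listed in post #7, keyed by (Transport, Destination Port) as logged.
VPN_STAGES = {("UDP", "500"): "IKE", ("UDP", "4500"): "IPsec NAT-T",
              ("UDP", "1701"): "L2TP"}

COLUMNS = ["Original Client IP", "Source Port", "Client IP", "Destination IP",
           "Destination Port", "Protocol", "Transport", "Source Network",
           "Destination Network", "Action", "Log Time", "GMT Log Time",
           "Processing Time", "Bytes Sent", "Bytes Received", "Result Code"]

def sample_row(client, port, proto, action, dest_net="Local Host"):
    """Build one constructed log row (documentation-range addresses)."""
    return "\t".join([client, port, client, "203.0.113.10", port, proto, "UDP",
                      "External", dest_net, action, "04/06/2011 09:13",
                      "04/06/2011 08:13", "0", "0", "0", "<result code>"])

# Constructed sample, not the log from post #1.
SAMPLE_LOG = "\n".join([
    "\t".join(COLUMNS),
    sample_row("198.51.100.20", "500", "IKE Client", "Initiated Connection"),
    sample_row("198.51.100.20", "4500", "IPsec NAT-T Client", "Initiated Connection"),
    sample_row("198.51.100.30", "500", "IKE Client", "Denied Connection"),
    sample_row("198.51.100.40", "53", "DNS", "Initiated Connection", "Internal"),
])

def vpn_stage_report(log_text, server_network="Local Host"):
    """Map each client IP to allowed / denied / not logged per VPN stage."""
    # Forum and console copies often indent every line; strip that first.
    cleaned = "\n".join(l.strip() for l in log_text.splitlines() if l.strip())
    seen = {}
    for row in csv.DictReader(io.StringIO(cleaned), delimiter="\t"):
        stage = VPN_STAGES.get((row["Transport"], row["Destination Port"]))
        if stage is None or row["Destination Network"] != server_network:
            continue  # not VPN negotiation traffic aimed at the firewall itself
        seen.setdefault(row["Client IP"], {}).setdefault(stage, set()).add(row["Action"])
    report = {}
    for client, stages in seen.items():
        report[client] = {}
        for name in VPN_STAGES.values():
            actions = stages.get(name, set())
            if "Denied Connection" in actions:
                report[client][name] = "denied"
            else:
                # "not logged" is a pointer for where to look, not proof of a block
                report[client][name] = "allowed" if actions else "not logged"
    return report

if __name__ == "__main__":
    for client, stages in vpn_stage_report(SAMPLE_LOG).items():
        print(client, stages)
```

Fed the tab-separated log from post #1, it reports IKE and IPsec NAT-T as allowed for the masked `<user ip>` client and L2TP as not logged.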

  8. #8

    @pricho Not had any reply to my PM, so have not been able to help. The way I would normally test my ISA is from my Win 2k3 server on a fixed open external IP, as you can ask ISA to monitor all traffic from an IP, which helps in finding the issue.

  9. #9
    Craggus2000
    Sorry guys, not had a chance to come back to this this week, as had a few things hitting the fan.... I'm going to try towards the end of the week again.

    @lordasb Thanks for the offer of assistance. Will sort out some credentials for you to test with, not sure why 809 is appearing as it works fine with PPTP, just not L2TP. The ISA server is fully patched as of a month or 2 ago. Will try again from a client and get the logs off that too.

    @PRicho PPTP and L2TP work fine internally.

  10. #10

    I've finally resolved my L2TP issue - Maybe it will help you.

    Within Windows | Connecting to a VPN server via L2TP/IPsec, behind layers of NAT

  11. #11

    Nice to hear, pricho. I did get a PM but I know it's still exam time out there in the school, so that might be holding up contact from Craggus.
