3000 series concentrator and L2TP over IPSec

promig · ‎03-02-2007

All,

Anyone have any wisdom they are willing to share regarding the establishment of a L2TP over IPSec tunnel between Mac OS X and a 3000 series concentrator? I believe that the concentrator is accepted the IKE SA proposal, but I can't get any further and I'm not able to get any useful information out of the logs on either side of the tunnel. The client side simply reports that "L2TP cannot connect to the server", the concentrator reports "Connection terminated for peer". It has clearly exchanged some valid information because the concentrator has assigned the traffic to the correct group (a non-default group I've set up specially to test this connection).

Looking at the packet dump I can see the two devices exchange some information, then the client starts sending ISAKMP packets (quick mode) that the concentrator seems to ignore.

Thoughts, suggestions, anecdotes etc. are all welcome.

bwilmoth · ‎03-08-2007

Try to adjust SA lifetime and the max connect time in VPN concentrator.

Refer these links:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_tech_note09186a0080094eca.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml