Currently trying to establish L2TP IPSec VPN tunnels between a Windows XP remote client and a Windows 2003 RRAS server.
Both the XP remote client and the W2003 RRAS Server are behind RVS4000 routers.
Have established that the W2003 RRAS server will accept L2TP IPSec connections from clients behind the Cisco RVS4000 router [LAN clients].
Cannot establish remote L2TP IPSec connections through the RVS4000 routers. Have established that PPTP VPN works through the RVS4000 routers. Both routers are running version 184.108.40.206
Both RVS4000 routers are configured for PPTP, IPSec, & L2TP VPN passthrough, with UDP port 1701 being forwarded to the RRAS server by the RVS4000 router. PPTP VPN connections have no problem.
Error code is 792
The problem appears to be with IPSec passthrough. UDP port 1701 is being forwarded to the RRAS server. Cannot create port rules for IKE 500 or IP Protocol 50/4500 on the RVS4000 because those policies conflict with forwarding UDP 1701.
Any guidance on why IPSec fails through the RVS4000 for remote access clients but IPSec is successful in establishing a connection to the RRAS server using LAN clients?
1. Never forward UDP port 1701. UDP port 1701 is used for L2TP. However, L2TP is supposed to be tunneled inside an IPSec tunnel. Exposing an L2TP server directly to the internet can be a security risk. Don't do that.
2. What you have to forward is UDP port 500 for IKE (establishing the IPSec connection) and possibly TCP/UDP port 4500 for NAT traversal of IPSec. There should be no conflict there. If there is, I guess it's because the RVS4000 has its own IPSec implementation.
3. LAN works because there is NAT involved and thus there is no need for port forwarding, NAT traversal or anything similar.
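The answer's two points (do not expose UDP 1701, do forward the IKE and NAT-T ports) can be checked against what actually arrives on the router's WAN side. The script below is an added example, not code from the original thread or from Cisco: it decodes the datagram types involved in L2TP/IPsec through NAT (IKE on UDP 500, IKE and UDP-encapsulated ESP on UDP 4500 as defined by RFC 3948, raw ESP as IP protocol 50, and cleartext L2TP on UDP 1701) and audits a port-forwarding rule list. The RVS4000 has no scripting interface, so the `(proto, port)` rule list and the sample packets are constructed for illustration.

```python
"""Decode L2TP/IPsec datagrams on a NAT router's WAN side and audit its port forwards.
Added example, not part of the original thread; the rule list is a hypothetical
representation of the router's forwarding table and the packets are constructed."""
import struct

UDP_PROTOCOL = 17
ESP_PROTOCOL = 50          # IP protocol 50 = ESP (RFC 4303)
IKE_PORT = 500             # ISAKMP/IKE
NAT_T_PORT = 4500          # IKE and UDP-encapsulated ESP behind NAT (RFC 3947/3948)
L2TP_PORT = 1701           # L2TP, expected only inside the IPsec tunnel (RFC 3193)


def describe_isakmp(hdr):
    """Summarise a 28-byte ISAKMP/IKE header: IKE major version and exchange type."""
    _init_spi, _resp_spi, _next, version, exchange, _flags, _msgid, _length = \
        struct.unpack("!8s8sBBBBII", hdr[:28])
    return f"v{version >> 4} exchange={exchange}"


def describe_l2tp(hdr):
    """Summarise an L2TP header: control vs data message and the tunnel id."""
    flags = struct.unpack("!H", hdr[:2])[0]
    kind = "control" if flags & 0x8000 else "data"      # T bit
    offset = 4 if flags & 0x4000 else 2                  # L bit: optional Length field
    tunnel_id = struct.unpack("!H", hdr[offset:offset + 2])[0]
    return f"{kind} tunnel={tunnel_id}"


def classify_datagram(ip_proto, dst_port, payload):
    """Label one inbound datagram as seen on the router's WAN interface."""
    if ip_proto == ESP_PROTOCOL:
        spi, seq = struct.unpack("!II", payload[:8])
        return f"esp spi=0x{spi:08x} seq={seq}"
    if ip_proto != UDP_PROTOCOL:
        return "other"
    if dst_port == IKE_PORT:
        return "ike " + describe_isakmp(payload)
    if dst_port == NAT_T_PORT:
        # RFC 3948: four zero bytes (the non-ESP marker) mean IKE; an ESP SPI is never zero.
        if payload[:4] == b"\x00\x00\x00\x00":
            return "ike-natt " + describe_isakmp(payload[4:])
        spi, seq = struct.unpack("!II", payload[:8])
        return f"esp-natt spi=0x{spi:08x} seq={seq}"
    if dst_port == L2TP_PORT:
        # L2TP arriving unencrypted means the tunnel was not wrapped in IPsec.
        return "l2tp-cleartext " + describe_l2tp(payload)
    return "other"


def audit_forwarding(rules):
    """Check (proto, port) forwards to the VPN server against what L2TP/IPsec needs.
    Returns a list of findings; an empty list means the forwards look right."""
    forwarded = set(rules)
    findings = []
    if ("udp", L2TP_PORT) in forwarded:
        findings.append("udp/1701 forwarded: L2TP exposed outside IPsec, remove it")
    if ("udp", IKE_PORT) not in forwarded:
        findings.append("udp/500 not forwarded: IKE cannot reach the server")
    if ("udp", NAT_T_PORT) not in forwarded:
        findings.append("udp/4500 not forwarded: NAT-T (ESP in UDP) cannot reach the server")
    return findings


# Constructed sample datagrams (not captured traffic).
IKE_MAIN_MODE = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, 28)
ESP_NATT = struct.pack("!II", 0xDEADBEEF, 7) + b"\x55" * 16
L2TP_SCCRQ = struct.pack("!HHHHHH", 0xC802, 12, 0, 0, 0, 0)  # T, L, S bits set, version 2

if __name__ == "__main__":
    samples = [(UDP_PROTOCOL, IKE_PORT, IKE_MAIN_MODE),
               (UDP_PROTOCOL, NAT_T_PORT, b"\x00" * 4 + IKE_MAIN_MODE),
               (UDP_PROTOCOL, NAT_T_PORT, ESP_NATT),
               (ESP_PROTOCOL, 0, ESP_NATT),
               (UDP_PROTOCOL, L2TP_PORT, L2TP_SCCRQ)]
    for proto, port, data in samples:
        print(classify_datagram(proto, port, data))
    print(audit_forwarding([("udp", L2TP_PORT)]))                      # the poster's setup
    print(audit_forwarding([("udp", IKE_PORT), ("udp", NAT_T_PORT)]))  # the answer's advice
```

Run against a capture taken on the router's WAN link, `l2tp-cleartext` lines are exactly the traffic point 1 warns about, and the absence of any `ike` or `ike-natt` lines while the client dials is consistent with IKE never reaching the server, which is what point 2 addresses. When both ends sit behind NAT, as in the question, the ESP traffic travels inside UDP 4500 rather than as IP protocol 50, so a router that cannot forward protocol 50 is not by itself the blocker.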