I have an old Cisco 3005 for clients accessing a small office network, which has worked fine for a long time. Since it is a very basic system -- nothing fancy, just the upper management needing access to some internal resources in a single subnet -- the decision was made to use the native Windows VPN client with L2TP over IPsec. New laptops ship with Windows 7 and the users are happy, but... some of the VPN users have gotten these and complain. The system used to (and still does) work just fine with Windows XP as the client, but Windows 7 just does not work.
The 3005 is running 4.7 software. SA settings: IKE-3DES-SHA-DH2, PSK, no PFS, Main mode, Transport. Nothing special IMHO.
Looking at the log from 3005, there is pretty much nothing interesting, seems that the phase 2 is completed but after that "something" happens and Windows 7 decides to terminate the connection instead of starting L2TP:
178 07/27/2010 19:00:38.950 SEV=5 IKE/172 RPT=7 192.0.2.1
Automatic NAT Detection Status:
Remote end IS behind a NAT device
This end is NOT behind a NAT device
182 07/27/2010 19:00:39.050 SEV=4 IKE/119 RPT=7 192.0.2.1
PHASE 1 COMPLETED
183 07/27/2010 19:00:39.170 SEV=5 IKE/25 RPT=5 192.0.2.1
Received remote Proxy Host data in ID Payload:
Address 192.0.2.1, Protocol 17, Port 1701
186 07/27/2010 19:00:39.180 SEV=5 IKE/24 RPT=7 192.0.2.1
Received local Proxy Host data in ID Payload:
Address 192.0.2.99, Protocol 17, Port 1701
189 07/27/2010 19:00:39.180 SEV=5 IKE/66 RPT=5 192.0.2.1
IKE Remote Peer configured for SA: ESP-3DES-SHA-DH2-TRANSPORT
190 07/27/2010 19:00:39.300 SEV=4 IPSEC/7 RPT=1
IPSec ESP Tunnel Inb: invalid direction in security association
191 07/27/2010 19:00:39.310 SEV=4 IKE/173 RPT=5 192.0.2.1
NAT-Traversal successfully negotiated!
IPSec traffic will be encapsulated to pass through NAT devices.
194 07/27/2010 19:00:39.310 SEV=4 IKE/49 RPT=5 192.0.2.1
Security negotiation complete for User ()
Responder, Inbound SPI = 0x16aa8f52, Outbound SPI = 0x3c8c1889
197 07/27/2010 19:00:39.320 SEV=4 IKE/120 RPT=5 192.0.2.1
PHASE 2 COMPLETED (msgid=00000001)
198 07/27/2010 19:01:17.290 SEV=5 IKE/50 RPT=1 192.0.2.1
Connection terminated for peer .
Reason: Peer Terminate
Remote Proxy 192.0.2.1, Local Proxy 192.0.2.99
Message was edited by: Will White: change subject to closed, will never work
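To make the pattern in the log above easy to spot across many sessions, here is an added example (not part of the original post or of any Cisco tooling) that parses VPN 3000 series event entries and flags peers that completed IKE phase 2 and then sent "Peer Terminate" before any L2TP event. The sample log is a constructed excerpt of the entries quoted above; the assumption that an event class beginning with "L2TP" marks the start of L2TP is mine.

```python
import re
from datetime import datetime

# Header of a VPN 3000 series event; the trailing peer address is optional (see IPSEC/7 above).
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<date>\d\d/\d\d/\d{4}) (?P<time>\d\d:\d\d:\d\d\.\d{3}) "
    r"SEV=(?P<sev>\d) (?P<cls>[A-Z0-9]+/\d+) RPT=\d+(?: (?P<peer>\S+))?$"
)

# Constructed sample: three entries copied from the post's log, sequence numbers kept.
SAMPLE_LOG = """\
190 07/27/2010 19:00:39.300 SEV=4 IPSEC/7 RPT=1
IPSec ESP Tunnel Inb: invalid direction in security association
197 07/27/2010 19:00:39.320 SEV=4 IKE/120 RPT=5 192.0.2.1
PHASE 2 COMPLETED (msgid=00000001)
198 07/27/2010 19:01:17.290 SEV=5 IKE/50 RPT=1 192.0.2.1
Connection terminated for peer .
Reason: Peer Terminate
Remote Proxy 192.0.2.1, Local Proxy 192.0.2.99
"""

def parse_events(text):
    """Split the log into events: header fields plus the message lines that follow."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["date"] + " " + ev["time"], "%m/%d/%Y %H:%M:%S.%f")
            ev["msg"] = []
            events.append(ev)
        elif events and line:
            events[-1]["msg"].append(line)
    return events

def find_stalled_l2tp(events):
    """Report peers that finished IKE phase 2, then terminated with no L2TP event in between."""
    pending, findings = {}, []
    for ev in events:
        peer, text = ev["peer"], " ".join(ev["msg"])
        if ev["cls"] == "IKE/120" and "PHASE 2 COMPLETED" in text:
            pending[peer] = ev
        elif ev["cls"].startswith("L2TP"):   # assumption: L2TP/* events mean L2TP started
            pending.pop(peer, None)
        elif ev["cls"] == "IKE/50" and "Peer Terminate" in text and peer in pending:
            gap = (ev["ts"] - pending.pop(peer)["ts"]).total_seconds()
            findings.append({"peer": peer, "seconds_after_phase2": gap})
    return findings
```

Running `find_stalled_l2tp(parse_events(SAMPLE_LOG))` on the excerpt reports 192.0.2.1 terminating about 38 seconds after phase 2, the same gap visible in the post.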