
IPSec/L2TP server behind the NAT

Algirdasss
Level 1

Hi,

I am trying to set up a Cisco 850 router behind NAT and allow clients to create VPN tunnels to it. I get the following error in IKE phase 2:

ISAKMP:(2022): IPSec policy invalidated proposal with error 1024

What does it mean and how do I fix it?

What I know for sure (tested):

1. Connection is made without problems when NAT is removed between server and client

2. Connection is made without problems when Client (not Server) is behind the NAT

3. Client is NAT-T capable (Windows XP SP2. I turned on this feature in the registry as described in Cisco and Microsoft manuals)

4. It doesn't matter if I forward ports (UDP 500 and UDP 4500) or put the server in the DMZ. So it's not a port problem.

1 Reply

Not applicable

This pertains to an issue with parameter matching on both ends. Make sure the transform-set is configured correctly on both ends. Check the Microsoft article available at http://support.microsoft.com/?id=818043.