
IPSec/L2TP server behind the NAT

Hi,

I am trying to set up a Cisco 850 router behind NAT and allow clients to create VPN tunnels to it. I get the following error in IKE phase 2:

ISAKMP:(2022): IPSec policy invalidated proposal with error 1024

What does it mean and how do I fix it?

What I know for sure (tested):

1. Connection is made without problems when NAT is removed between server and client

2. Connection is made without problems when Client (not Server) is behind the NAT

3. Client is NAT-T capable (Windows XP SP2. I turned on this feature in the registry as described in Cisco and Microsoft manuals)

4. It doesn't matter if I forward ports (UDP 500 and UDP 4500) or put the Server in the DMZ. So it's not a port problem.

1 REPLY
Anonymous
N/A

Re: IPSec/L2TP server behind the NAT

This pertains to an issue with parameter matching on both ends. Make sure the transform-set is configured correctly on both ends. Check the Microsoft article available at http://support.microsoft.com/?id=818043.
