L2TP/IPSEC error connecting via Frelay and 2 Firewalls

prossouw · ‎11-05-2002

39526 10/31/2002 12:17:34.910 SEV=4 IKE/1 RPT=6 a.a.a.a (the pc client ip)

Group [alfa] User [beta]

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr x.x.x.x (VPN 3015 real IP)

Received ID: Type 1, Proto 0, Port 0, Addr y.y.y.y (VPN 3015 natted IP)

My Client gets the above error from a VPN Client connect that traverses a Frame Relay Wan and then 2x Checkpoint1 Firewalls, lets call then fwa and fwb.

The Vpn is connected to fwb and its IP is natted on fwb. I myself am connected to fwb and connect successfully to the VPN NAT address.

Both PC VPN Clients are v3.1.1 on win2k and the VPN 3015 runs:

Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000 18:57:52

Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 3.0.3.B Jul 24 2001 15:30:32

Any ideas about what the problem could be. WIN2K or VPN client issue?

bhubert · ‎11-07-2002

I am having the same problem connecting my VPN client to the VPN 3005.

I get the same error type:

Expected ID: Type 1, Proto 17, Port 1701, Addr x.x.x.x (VPN 3005 Public IP)

Received ID: Type 1, Proto 0, Port 0, Addr y.y.y.y (Client Public IP)

I am running both 3.6.3 versions of the client and server.

If you get any replies please let me know. I was able to connect MSft's XP Pro IPSEC Client without a problem but the VPN Client on the same XP box isn't working. Very frustrating.

B

prossouw · ‎01-24-2003

I had "L2TP over IPSEC" ticked on the group./ Changed it to just "IPSEC" and error went away.

Not sure whether it is an O/S problem or a VPN Client issue.