Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
Cisco Employee

L2TP over IPSec setup with Concentrator and Windows 2000

Hi,

I am attempting to configure L2TP/IPSec between Windows 2000 and

Concentrator 3030. When I tried to make a connection from PC

client to the Concentrator, I found the following message in the Concentrator.

Does that mean I need to turn on AH in Concentrator?

I am sure that I have turned off Authentication in the Base Group and

the User inherited this.

1 06/09/2002 19:38:13.090 SEV=7 IKEDBG/0 RPT=2327 172.20.116.69

Oakley proposal is acceptable

2 06/09/2002 19:38:13.090 SEV=7 IKEDBG/28 RPT=315 172.20.116.69

IKE SA Proposal # 1, Transform # 3 acceptable

Matches global IKE entry # 2

3 06/09/2002 19:38:13.410 SEV=7 IKEDBG/0 RPT=2328 172.20.116.69

Group [VPNC_Base_Group]

Found Phase 1 Group (VPNC_Base_Group)

4 06/09/2002 19:38:13.430 SEV=5 IKE/79 RPT=39 172.20.116.69

Group [VPNC_Base_Group]

Validation of certificate successful

(CN=l2tp_ipsec, SN=7BE22559000600000393)

6 06/09/2002 19:38:13.430 SEV=7 IKEDBG/0 RPT=2329 172.20.116.69

Group [VPNC_Base_Group]

peer ID type 9 received (DER_ASN1_DN)

7 06/09/2002 19:38:13.450 SEV=4 IKE/119 RPT=268 172.20.116.69

Group [VPNC_Base_Group]

PHASE 1 COMPLETED

8 06/09/2002 19:38:13.450 SEV=6 IKE/121 RPT=268 172.20.116.69

Keep-alive type for this connection: None

9 06/09/2002 19:38:13.450 SEV=6 IKE/122 RPT=39 172.20.116.69

Keep-alives configured on but peer does not support keep-alives (type = None)

10 06/09/2002 19:38:13.450 SEV=7 IKEDBG/0 RPT=2330 172.20.116.69

Group [VPNC_Base_Group]

Starting phase 1 rekey timer: 21600000 (ms)

11 06/09/2002 19:38:13.500 SEV=5 IKE/25 RPT=145 172.20.116.69

Group [VPNC_Base_Group]

Received remote Proxy Host data in ID Payload:

Address 172.20.116.69, Protocol 17, Port 1701

14 06/09/2002 19:38:13.500 SEV=5 IKE/24 RPT=145 172.20.116.69

Group [VPNC_Base_Group]

Received local Proxy Host data in ID Payload:

Address 172.20.106.104, Protocol 17, Port 0

17 06/09/2002 19:38:13.500 SEV=5 IKE/66 RPT=247 172.20.116.69

Group [VPNC_Base_Group]

IKE Remote Peer configured for SA: ESP-L2TP-TRANSPORT

18 06/09/2002 19:38:13.500 SEV=5 IKEDBG/0 RPT=2331

AH proposal not supported

19 06/09/2002 19:38:13.500 SEV=4 IKE/0 RPT=314 172.20.116.69

Group [VPNC_Base_Group]

All IPSec SA proposals found unacceptable!

20 06/09/2002 19:38:13.500 SEV=4 IKEDBG/0 RPT=2332

QM FSM error (P2 struct &0x3eacff8, mess id 0x3186b058)!

21 06/09/2002 19:38:13.500 SEV=4 IKEDBG/0 RPT=2333

QM FSM history (P2 struct &0x3eacff8):

[13, 52], [3, 32], [3, 44], [3, 31]

22 06/09/2002 19:38:13.500 SEV=6 IKE/0 RPT=315 172.20.116.69

Group [VPNC_Base_Group]

Removing peer from correlator table failed, no match!

Thanks,

Madeleine

1 REPLY
Cisco Employee

Re: L2TP over IPSec setup with Concentrator and Windows 2000

I have fixed the above problem.

But now my question is: why on the VPN3005 Concentrator shows L2TP connections? If I uncheck L2TP option, and leave the L2TP over IPSec on, then VPN3005 would be getting "Tunneling protocol not allowed."

How to make VPN3005 display L2TP over IPSec?

Thanks,

Madeleine

413
Views
0
Helpful
1
Replies
CreatePlease to create content