Hi, John!
Found a PDF describing exactly what I was looking for. Only it doesn't work.
If I set up the Windows client as described, it doesn't even try to start IKE
negotiations. Instead I directly get an error 768 (faulty encryption) as soon
as I hit the 'connect' button.
I assume Windows doesn't know what certificates to use for the connection and
I don't find the part of the configuration where I can link the appropriate
certificates to the VPN connection.
To make matters worse, I can't even ping the Netscreen (WAN) anymore. It looks
like Windows is trying to negotiate IPsec already although I'm not trying to
use the VPN.
I know that this is gliding a bit off topic since the problems seem to lie on
the Windows side and not the Netscreen. I still hope somebody got those two up
and running with L2TP over IPsec with certs and can help me out here.
Cheers,
Kai
-----Original Message-----
From: John Cameron [mailto:John.Cameron@brennanit.com.au]
Sent: Tuesday, 6 March 2007 13:11
To: Kai Krebber; Badu Jack
Cc: nn@qorbit.net
Subject: RE: [nn] L2TP Dialup
I have seen that error before when I was setting up a remote vpn via the NS
remote client.
The problem was the policy was not higher up in the order.
I remember reading how to set something up like that with Windows and certs at
http://www.netscreenforum.com/ - Do a search. Then again it may have been
somewhere else.
John
-----Original Message-----
From: nn-bounces@qorbit.net [mailto:nn-bounces@qorbit.net] On Behalf Of Kai
Krebber
Sent: Tuesday, 6 March 2007 10:35 PM
To: Badu Jack
Cc: nn@qorbit.net
Subject: Re: [nn] L2TP Dialup
Hi!
Seems impossible to me. According to Netscreen Article KB6865,
one has to use certificates with native WinXP, but I can't get it
working. Although there are rumours of successful connections, I didn't
find any step-by-step guide for both sides (NS and XP) using
dynamic client IP and certs.
My Netscreen always complains:
Rejected an IKE packet ... because the peer sent a packet with a
message ID before Phase 1 authentication was done.
My certs work fine with the NS remote client (i.e. the certs are not
the problem).
So I assume Juniper boycotts the native XP capabilities to sell their client
(please prove me wrong, anybody).
Cheers,
Kai
-----Original Message-----
The second question is, is it possible to use WinXP for remote dialup to
connect with the NS-5GT using IPsec and L2TP dialup protocols.
Cheers
_________________________________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn