This appears to be the same problem I asked about two
months ago...
It would be nice if a lurker from Juniper offered a definitive
response specific to one or more software versions. Do they consider the
Windows XP SP2 NAT traversal implementation broken? Or did they do
something special to work with the Safenet client?
Marty
----- Original Message -----
Sent: Wednesday, March 07, 2007 8:39 AM
Subject: Re: [nn] L2TP Dialup
Guys,
I managed to get it to work by using a certificate, but the Internet connection
must be direct. It will fail if there is a router or NAT in front of the
Windows client. Useless technology...
regards,
Jeffy Koh
On 3/6/07, Kai Krebber <Kai.Krebber@krick.net> wrote:
Hi, John!
Found a PDF describing exactly what I was looking for. Only it
doesn't work. If I set up the Windows client as described, it doesn't even try
to start IKE negotiations. Instead I directly get an error 768 (faulty
encryption) as soon as I hit the 'connect' button. I assume Windows
doesn't know what certificates to use for the connection, and I don't find
the part of the configuration where I can link the appropriate certificates
to the VPN connection.
To make matters worse, I can't even ping the
Netscreen (WAN) anymore. It looks like Windows is trying to negotiate IPsec
already although I'm not trying to use the VPN.
I know that this is
gliding a bit off topic since the problems seem to lie on the Windows side
and not the Netscreen. I still hope somebody got those two up and running
with L2TP over IPsec with certs and can help me out here.
Cheers,
Kai
-----Original Message-----
From: John Cameron [mailto:John.Cameron@brennanit.com.au]
Sent: Tuesday, 6 March 2007 13:11
To: Kai Krebber; Badu Jack
Cc: nn@qorbit.net
Subject: RE: [nn] L2TP Dialup
I have seen that error before when I was setting up a remote
VPN via the NS remote client.
The problem was the policy was not higher up in the order.
I remember reading how to set something up
like that with Windows and certs at http://www.netscreenforum.com/ -
Do a search. Then again it may have been somewhere else.
John
-----Original Message-----
From: nn-bounces@qorbit.net [mailto:nn-bounces@qorbit.net] On Behalf Of Kai Krebber
Sent: Tuesday, 6 March 2007 10:35 PM
To: Badu Jack
Cc: nn@qorbit.net
Subject: Re: [nn] L2TP Dialup
Hi!
Seems impossible to me. According to Netscreen
Article KB6865, one has to use certificates with native WinXP, but I
can't get it working. Also there are rumours of successful connections, I
didn't find any step-by-step guide for both sides (NS and XP)
using dynamic client IP and certs. My Netscreen always
complains: Rejected an IKE packet ... because the peer sent a packet with
a message ID before Phase 1 authentication was done. My certs work
fine with the NS remote client (i.e. the certs are not the
problem).
So I assume Juniper boycotts the native XP capabilities to
sell their client (please prove me wrong,
anybody).
Cheers,
Kai
-----Original Message-----
The second question is,
is it possible to use winxp for remote dialup to connect with
the NS-5GT using IPSEC and L2TP dialup
protocols.
Cheers
_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn