NetScreen

Re: [nn] L2TP Dialup

To: "Jeffy Koh" <jeffy.koh@gmail.com>
Subject: Re: [nn] L2TP Dialup
From: "Kai Krebber" <Kai.Krebber@krick.net>
Date: Thu, 8 Mar 2007 09:29:41 +0100
Cc: nn@qorbit.net
List-id: "Netscreen mailing list for netscreen admins." <nn.qorbit.net>

 

Hi!

 

I tried with 5.4r3 and didn’t get it working. To be honest – I don’t really suspect an OS problem here, but I assume it’s me not knowing the right steps to get it working. Partly because of my lack of Windows know-how. I got a document describing all the steps for ancient W2k and tried it, but I couldn’t even get the Policyagent started…

 

Cheers,

            Kai Krebber


From: Jeffy Koh [mailto:jeffy.koh@gmail.com]
Sent: Thursday, 8 March 2007 00:50
To: Martin Schulman
Cc: Kai Krebber; John Cameron; nn@qorbit.net
Subject: Re: [nn] L2TP Dialup

 

Netscreen firmware 5.3 is not working either. Has anyone tried 5.4?

On 3/8/07, Martin Schulman <mschulma@isoc.org> wrote:

This appears to be the same problem I asked about two months ago...

 

 

It would be nice if a lurker from Juniper offered a definitive response specific to one or more software versions.  Do they consider the Windows XP SP2 NAT traversal implementation broken?  Or did they do something special to work with the Safenet client?

 

                                                                Marty

 

----- Original Message -----

From: Jeffy Koh

Sent: Wednesday, March 07, 2007 8:39 AM

Subject: Re: [nn] L2TP Dialup


 

Guys,

 

I managed to get it to work by using a certificate, but the Internet connection must be direct. It will fail if there is a router or NAT in front of the Windows client. Useless technology...

 

regards,

Jeffy Koh

 

On 3/6/07, Kai Krebber <Kai.Krebber@krick.net> wrote:


Hi, John!

Found a PDF describing exactly what I was looking for. Only it doesn't work. If I set up the Windows client as described, it doesn't even try to start IKE negotiations. Instead I directly get an error 768 (faulty encryption) as soon as I hit the 'connect' button.
I assume Windows doesn't know what certificates to use for the connection, and I don't find the part of the configuration where I can link the appropriate certificates to the VPN connection.

To make matters worse, I can't even ping the Netscreen (WAN) anymore. It looks like windows is trying to negotiate ipsec already although I'm not trying to use the vpn.

I know that this is gliding a bit off topic since the problems seem to lie on the windows side and not the netscreen. I still hope, somebody got those two up and running with l2tp over ipsec with certs and can help me out here.
Cheers,
       Kai

-----Original Message-----
From: John Cameron [mailto:John.Cameron@brennanit.com.au]
Sent: Tuesday, 6 March 2007 13:11
To: Kai Krebber; Badu Jack
Cc: nn@qorbit.net
Subject: RE: [nn] L2TP Dialup

I have seen that error before when I was setting up a remote vpn via the NS remote client.

The problem was the policy was not higher up in the order.

I remember reading how to set something up like that with Windows and certs at http://www.netscreenforum.com/ - Do a search. Then again it may have been somewhere else.

John

-----Original Message-----
From: nn-bounces@qorbit.net [mailto: nn-bounces@qorbit.net] On Behalf Of Kai Krebber
Sent: Tuesday, 6 March 2007 10:35 PM
To: Badu Jack
Cc: nn@qorbit.net
Subject: Re: [nn] L2TP Dialup

Hi!

Seems impossible to me. According to Netscreen Article KB6865,
one has to use certificates with native WinXP, but I can't get it
working. Also there are rumours of successful connections, I didn't
find any step-by-step guide for both sides (NS and XP) using
dynamic client IP and certs.
My Netscreen always complains:
Rejected an IKE packet ... because the peer sent a packet with a
message ID before Phase 1 authentication was done.
My certs work fine with the NS remote-client (i.e. the certs are not
the problem)

So I assume Juniper boycotts the native XP-Capabilities to sell their Client
(please prove me wrong, anybody).

Cheers,
       Kai


-----Original Message-----
The second question is, is it possible to use winxp for remote dialup to
connect with the
NS-5GT using IPSEC and L2TP dialup protocols.

Cheers

_________________________________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn