Site to Site IPSec/L2TP VPN under Server 2003

Soldato (Joined 25 Dec 2002, Posts 2,862)
Help!

I'm trying to establish a Site to Site IPSec/L2TP VPN under Server 2003 and having very little luck.

I've configured both servers according to the MS "How to Configure IPSec Tunnelling" docs, but still can't get it to work.

The initiating server sends the ISAKMP packets, which are received by the other server, but no luck in getting it to negotiate the tunnel.

Any advice?
 
What device is the other endpoint?

Have you enabled logging?

1. Enable IKE logging. On Windows XP systems, use the regedit utility to enable IKE logging in the system registry. On Windows systems, IKE logging is configured using the Oakley key.

   CAUTION: Incorrectly editing the registry may severely damage the system. Before making changes to the registry, HP recommends that you back up the registry and any valued data on the computer. Refer to the article "How to back up, edit, and restore the registry in Windows XP and Windows Server 2003" in the Windows Knowledge Base for more information. The Windows Knowledge Base is available at http://support.microsoft.com

   Set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Oakley\EnableLogging REG_DWORD value to 1. On some Windows versions, you may need to create the Oakley key.

   On Windows 2003 systems, enter the following command to enable IKE logging:

       netsh ipsec dynamic set config ikelogging 1

2. Stop and restart the IP Security service. You can use the following commands at the Windows command prompt:

       net stop policyagent
       net start policyagent

   Refer to "Step 9: Starting the IP Security Service" for more information.

3. Reproduce the problem.

4. View the IKE log file. Windows creates the log file in the directory systemroot\Debug (by default, this is the WINDOWS\Debug directory). The file name is Oakley.log.

5. Disable IKE logging. On Windows XP systems, set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Oakley\EnableLogging REG_DWORD value to 0.

   On Windows 2003 systems, enter the following command:

       netsh ipsec dynamic set config ikelogging 0

6. Stop and restart the IP Security service.
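The six steps above wrapped into one batch script, as an added example that is not from the thread or the HP document it quotes. It assumes it is run from an administrator command prompt on the Server 2003 VPN endpoint, that Oakley.log is written to %SystemRoot%\Debug as the steps describe, and it invents an output folder name (ike-capture) and the choice to delete any stale Oakley.log so the capture contains only the attempt being diagnosed. It sets both the netsh option and the registry value so the same script also covers an XP box where the netsh ipsec dynamic context is absent, and it always turns logging back off, because Oakley.log records the full IKE exchange with the peer and should not be left growing on a production server.

```batch
@echo off
rem Added example (not from the thread): capture one IKE negotiation attempt
rem in Oakley.log on Windows Server 2003, then leave logging switched off.
rem Assumptions: administrator command prompt on the VPN endpoint; log path
rem %SystemRoot%\Debug\Oakley.log; output folder name "ike-capture" is ours.
setlocal

set LOGDIR=%SystemRoot%\Debug
set OUTDIR=%SystemRoot%\Debug\ike-capture
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem Step 1: enable IKE logging. The netsh command is the Server 2003 way; the
rem registry value is the XP way and is harmless to set on 2003 as well.
netsh ipsec dynamic set config ikelogging 1
reg add "HKLM\System\CurrentControlSet\Services\PolicyAgent\Oakley" /v EnableLogging /t REG_DWORD /d 1 /f

rem Step 2: restart the IP Security service so the setting takes effect.
rem Removing a stale Oakley.log first (our choice) keeps the capture to this attempt.
net stop policyagent
if exist "%LOGDIR%\Oakley.log" del "%LOGDIR%\Oakley.log"
net start policyagent

rem Step 3: reproduce the problem, then continue.
echo.
echo Trigger the tunnel now from the initiating server (e.g. ping a host on the
echo remote LAN), wait for it to fail, then press a key to collect the log.
pause

rem Step 4: preserve the log under a unique name before it is overwritten.
set STAMP=%RANDOM%
set CAPTURE=%OUTDIR%\Oakley-%COMPUTERNAME%-%STAMP%.log
if exist "%LOGDIR%\Oakley.log" (
    copy "%LOGDIR%\Oakley.log" "%CAPTURE%" >nul
) else (
    echo No Oakley.log was written - check that policyagent is running.
)

rem Steps 5 and 6: disable logging again and restart the service.
netsh ipsec dynamic set config ikelogging 0
reg add "HKLM\System\CurrentControlSet\Services\PolicyAgent\Oakley" /v EnableLogging /t REG_DWORD /d 0 /f
net stop policyagent
net start policyagent

if exist "%CAPTURE%" (
    echo Captured log: %CAPTURE%
    echo Read it from the top: the Main Mode exchange with the peer comes first,
    echo and the first error line after it usually names the mismatched setting.
)
endlocal
```

Run it on the responding server while the initiating server brings the tunnel up, and on the initiator in a second run; comparing the two Oakley.log captures shows which side rejected which proposal.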
 