L2TP on Windows 10, both firewall and client behind NAT, cannot connect.
I finished migrating our business from mixed Zywalls to VPNxxx under SDWAN.
Now I see our 8 branches connected to our main site... yay!
The new problem is: I need to grant external users access to internal resources. To keep the example simple: I'd like to let a single user connect his Windows 10 Pro computer to our main site.
I went into the main site's device configuration, enabled "VPN Client to AutoVPN", selected the correct WAN interface, selected "local user", created a new user and sent the configuration file.
Since my firewall AND client are behind NAT, I enabled "support servers behind nat".
In my router's configuration, I opened 3 NAT rules, 500, 4500, 1701 (both TCP/UDP), to the firewall's WAN IP.
On the client side, I imported the L2TP VPN. BUT I'm stuck at Windows being unable to negotiate encryption parameters...
Already modified registry with this entry:
I keep getting RAS error 788. Everything I've read so far doesn't get me to a working connection...
In my firewall's logs I keep reading:
|ISAKMP SA  is disconnected|
|The cookie pair is : 0xc34d09542c0b343b / 0x0000000000000000|
|Recv Main Mode request from [5.ZZ.XX.YY]|
|[SA] : No proposal chosen|
|Recv IKE sa: SA( protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ).|
Any help you'd like to share would be very appreciated... Thanks!
P.S. during migration, I HAD to edit default Organization/OrgPlan/IPSec Policy, now they are as follows:
DH Group: 2
Tried various combinations, but to no avail...
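An added example, not part of the original post: it parses the firewall's "Recv IKE sa" line to list what the Windows client offered and checks a phase-1 policy against that offer. The DH group numbers are the IANA assignments; the function names and the sample policy's encryption and authentication values are assumptions, since the post gives only DH Group 2.

```python
import re

# IANA IKE group numbers for the DH names this log format prints.
DH_GROUPS = {"1024 bit MODP": 2, "2048 bit MODP": 14,
             "256 bit ECP": 19, "384 bit ECP": 20}

# The "Recv IKE sa" line from the post (table pipes dropped).
LOG_LINE = ("Recv IKE sa: SA( protocol = IKE (1), AES CBC key len = 256, "
            "HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, "
            "256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ).")


def parse_offer(line):
    """Return the ciphers, hashes and DH groups the peer offered."""
    m = re.search(r"SA\((.*?);?\s*\)\.?$", line.strip().strip("|"))
    if not m:
        raise ValueError("not a 'Recv IKE sa' line")
    offer = {"enc": set(), "auth": set(), "dh": set()}
    for item in (t.strip() for t in m.group(1).split(",")):
        aes = re.fullmatch(r"AES CBC key len = (\d+)", item)
        mac = re.fullmatch(r"HMAC-(\w+)-\d+", item)
        if aes:
            offer["enc"].add("AES" + aes.group(1))
        elif item in ("3DES", "DES"):
            offer["enc"].add(item)
        elif item in DH_GROUPS:
            offer["dh"].add(DH_GROUPS[item])
        elif mac:
            offer["auth"].add(mac.group(1))
    return offer


def unmet(policy, offer):
    """List the policy fields whose value the peer never offered.

    The log prints the transforms as one flat list, so an empty result is
    necessary for a match but does not prove that a single proposal
    carries all three values together.
    """
    return [k for k in ("enc", "auth", "dh") if policy[k] not in offer[k]]


if __name__ == "__main__":
    offered = parse_offer(LOG_LINE)
    print("offered:", offered)
    # Assumed policy: only "dh": 2 comes from the post.
    policy = {"enc": "AES128", "auth": "SHA256", "dh": 2}
    print("not offered by client:", unmet(policy, offered))
```
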