Wireshark mailing list archives

Re: L2TP-over-IPsec (may be off topic)


From: Sake Blok <sake () euronet nl>
Date: Tue, 14 Sep 2010 19:59:24 +0200

On 14 sep 2010, at 19:01, Kok-Yong Tan wrote:

> However, I have a physically separate hardware firewall in between
> the endpoints (a L2TP-over-IPsec client and a L2TP-over-IPsec server)
> and I've discovered that the L2TP-over-IPsec VPN will only
> successfully connect if UDP port 1701 is open on the firewall.

What do you mean by successfully connect? If that means the L2TP-over-IPsec client and the L2TP-over-IPsec server can 
communicate with each other? Did you check whether there is actually a tunnel formed? If not, it's just a L2TP 
connection and that will work, but it will not be encrypted.

It seems like the L2TP tunnel just does not trigger the IPsec encapsulation to kick in. What does a network trace say? 
Only traffic on UDP port 1701, no UDP-500, no ip proto 50 and no UDP port 4500? That would be in sync with the above.

What type of L2TP-over-IPsec client and L2TP-over-IPsec server are involved?

Cheers,
Sake
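
[Added example, not part of the original message or of Wireshark: a Python sketch of the trace check described in the reply, labelling raw IPv4 packets as cleartext L2TP (UDP 1701), IKE (UDP 500), NAT-T (UDP 4500) or ESP (IP protocol 50). It assumes the capture was taken on the path between client and server; the packets, addresses and function names are constructed for illustration.]

```python
import struct
from collections import Counter

PORT_LABELS = ((500, "ike"), (4500, "nat-t"), (1701, "l2tp-clear"))

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet using the checks named in the reply."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == 50:                      # ip proto 50 = ESP
        return "esp"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] != 17 or frag_offset or len(pkt) < ihl + 8:
        return "other"                    # not UDP, or a later fragment without ports
    ports = set(struct.unpack("!HH", pkt[ihl:ihl + 4]))
    for port, label in PORT_LABELS:
        if port in ports:
            return label
    return "other"

def verdict(packets) -> str:
    """Summarise a capture taken on the path between client and server."""
    seen = Counter(classify(p) for p in packets)
    if seen["l2tp-clear"] and not (seen["ike"] or seen["esp"] or seen["nat-t"]):
        return "L2TP only, no IPsec seen: not encrypted"
    if seen["l2tp-clear"]:
        return "IPsec traffic seen, but L2TP also crosses in the clear"
    if seen["esp"] or seen["nat-t"]:
        return "IPsec seen, no cleartext L2TP"
    return "no L2TP or IPsec seen"

# Constructed sample packets (documentation addresses, zero checksums).
def ipv4(proto, payload=b""):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

CLEAR_ONLY = [ipv4(17, udp(1701, 1701, b"\xc8\x02"))] * 3
WITH_IPSEC = [ipv4(17, udp(500, 500)), ipv4(50, bytes(16))]
WITH_NAT_T = [ipv4(17, udp(500, 500)), ipv4(17, udp(4500, 4500))]

if __name__ == "__main__":
    for name, cap in (("clear", CLEAR_ONLY), ("esp", WITH_IPSEC), ("nat-t", WITH_NAT_T)):
        print(name, "->", verdict(cap))
```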

