FAQ: Why IKE debug messages appear when the L2TP VPN client installed on Windows 8 connects to a USG5300

Publication Date: 2014-10-31
Issue Description
We did not configure any IKE-related commands on the USG5300, but when the L2TP VPN client installed on Windows 8 connects to the LNS, a "connection fail" error appears. With "debugging l2tp all" and "debugging ppp all" enabled, many IKE negotiation failure messages are displayed.
Alarm Information
None
Handling Process
1. Checked the L2TP configuration on the PC; it is correct.
2. Checked the L2TP configuration on the firewall; there is no problem there either.
3. Connected using the L2TP VPN client software on Windows 7; there is no problem.
4. Enabled debugging and found many IKE negotiation failure messages.
Root Cause
By default, Windows 8 uses IPSec to carry L2TP data. When a customer connects to the LNS with the Windows L2TP client, the computer first tries to build an IKE session. The USG has no IKE configuration, so the IKE connection fails. This default policy can be disabled in the registry.
Solution
Open "Run" and enter "regedit".

Locate the key at this path: "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters".

Add a DWORD value under this key. Name: ProhibitIPSec, data type: REG_DWORD, value: 1.
Note that on both 32-bit and 64-bit machines, the value must be created as a DWORD type with the name "ProhibitIPSec".
The upper and lower case of the name must match exactly.



The configuration is as shown below:

5. Reboot the PC for the configuration to take effect.

6. Connect again; the connection will succeed.
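
The registry change from the steps above as a PowerShell function, added here as an example and not part of the original FAQ. The function name Set-L2tpProhibitIpsec and its parameters are assumptions; the key path and value name are taken from the text. It checks the existing value and its type before writing and must be run from an elevated prompt.

```powershell
# Added example, not Huawei's code: audit and set the ProhibitIPSec value from this FAQ.
# Run from an elevated PowerShell prompt; a reboot is still required afterwards.
function Set-L2tpProhibitIpsec {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Key path and value name come from the FAQ text; the parameter names are assumptions.
        [string]$KeyPath   = 'HKLM:\System\CurrentControlSet\Services\Rasman\Parameters',
        [string]$ValueName = 'ProhibitIPSec',
        [int]$Desired      = 1
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    $key    = Get-Item -LiteralPath $KeyPath
    $before = $key.GetValue($ValueName, $null)        # $null when the value is absent
    $kind   = if ($null -ne $before) { $key.GetValueKind($ValueName) } else { $null }

    # Treat the setting as correct only if both the data and the type (DWORD) match.
    $ok = ($null -ne $before) -and
          ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
          ($before -eq $Desired)

    $changed = $false
    if (-not $ok -and $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set REG_DWORD = $Desired")) {
        # -Force overwrites an existing value, including one created with the wrong type.
        New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
            -PropertyType DWord -Value $Desired -Force | Out-Null
        $changed = $true
    }

    # Report what was found and what was done, so the result can be logged.
    [pscustomobject]@{
        Path         = $KeyPath
        Name         = $ValueName
        Before       = $before
        BeforeKind   = $kind
        After        = (Get-Item -LiteralPath $KeyPath).GetValue($ValueName, $null)
        Changed      = $changed
        RebootNeeded = $changed                       # step 5: reboot for the change to take effect
    }
}

Set-L2tpProhibitIpsec -WhatIf    # preview only; drop -WhatIf to apply the change
```

With this value set, the Windows client sends L2TP without IPSec, so the tunnel traffic is not protected by IPSec encryption.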
Suggestions
If the L2TP client installed on Windows 8 cannot connect to the LNS, enable debugging to view the negotiation messages so that you can see where the error is.
