A company asked me to setup remote access to a secure database for them using W2003 RRAS. Sure, no problem, done it many times. Server is up, access rules created, router configured to forward L2TP requests to the RRAS server… PPTP works perfectly but L2TP IPSec with certificates and/or preshared key, fails.
After a couple of days of 1 hour here, 1 hour there troubleshooting, find out their perimeter router [Cisco SMB router] has a bug. Their IPSec VPN IP protocol 50 passthrough is seen as by the router O/S as port forward rule so you can’t create UDP 500 IKE to the RRAS server. Can’t create a UDP port 4500 forwarding rule either.
Cisco, in their infinite wisdom didn’t believe it until we allowed them into to the system to look. Sure enough, IPSec traffic monitoring on the external interface of the RRAS server showed L2TP and IPSec traffic not being received.
Used to be, I could setup, configure and get running secure VPN for remote clients in a day or so. This has dragged on for a couple weeks.
Anyone else with IPSec VPN Hell…
I tell ya, I long for the days then equipment might have cost more but it worked and it lasted. This “better, cheaper, faster” stuff is the pits.
Ended up returing the SMB router and exchange for a pricy entry level router but that using that, the Remote Access was up and running without a hitch in a day.