This is a discussion on L2TP VPN on Dell 5520wwan - Network ; Hi everybody, I also posted this question at the Dell-forum site At our company we use D820 with 5505 WWAN modems and D830 with 5520 WWAN modems, both have Windows XP/SP2 installed. We use de modems to connect to the ...
I also posted this question at the Dell-forum site
At our company we use D820 with 5505 WWAN modems and D830 with 5520 WWAN
modems, both have Windows XP/SP2 installed.
We use de modems to connect to the Internet and that works perfectly.
After connecting to the Internet I make a VPN connection to a MS RRAS
2k3/sp2 server with L2TP certificate based authentication. The RAS server is
behind a NAT device so on the client side I have set the option
AssumeUDPEncapsulationContextOnSendRule=2 at the IPSec registry-parameters
On the D820 this works fine, on the D830 I receive error: 792 Timeout
Using Wireshark, I notice on the D820 when negotiatin Main Mode the
communcation changes from UDP/500 to UDP/4500, which is normal behaviour for
L2TP through a NAT device.
On the D830 I see during the Main Mode negotiation that de D830 changes to
UDP/4500, but the MS RAS server keeps responding in UDP/500. The oakley.log
file also confirms this:
5-16: 09:39:43:625:204 Sending: SA = 0x000E47F0 to
5-16: 09:39:43:625:204 ISAKMP Header: (V1.0), len = 2540
5-16: 09:39:43:625:204 I-COOKIE 34eaa8275d9ac959
5-16: 09:39:43:625:204 R-COOKIE 7ab8a46a00b89d5f
5-16: 09:39:43:625:204 exchange: Oakley Main Mode
5-16: 09:39:43:625:204 flags: 1 ( encrypted )
5-16: 09:39:43:625:204 next payload: ID
5-16: 09:39:43:625:204 message ID: 00000000
5-16: 09:39:43:625:204 Ports S:9411 D:9411
5-16: 09:39:44:453:204 Receive: (get) SA = 0x000e47f0 from
5-16: 09:39:44:453:204 ISAKMP Header: (V1.0), len = 295
5-16: 09:39:44:453:204 I-COOKIE 34eaa8275d9ac959
5-16: 09:39:44:453:204 R-COOKIE 7ab8a46a00b89d5f
5-16: 09:39:44:453:204 exchange: Oakley Main Mode
5-16: 09:39:44:453:204 flags: 0
5-16: 09:39:44:453:204 next payload: KE
5-16: 09:39:44:453:204 message ID: 00000000
5-16: 09:39:44:453:204 received an unencrypted packet when crypto active
5-16: 09:39:44:453:204 GetPacket failed 35ec
5-16: 09:39:44:687:858 retransmit: sa = 000E47F0 centry 00000000 , count = 1
Reading the oakley.log I can see after 6 tries the D830 gives up and
terminates the negotiation and thus the VPN connection.
Strangly, when I remove the 5505 module from the D820 and place it in the
D830 my VPN connection works fine! Both modules use the same driver v220.127.116.11,
so I dont think it's a driver problem. Firmware maybe? I updated my 5520
module to the latest.
So, why doesn't the 5520 module allow L2TP-VPN connections?
Thanks for any help