Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 39 subscribers
  • Views 1926 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP VPN Issues Integrated WIN10

n33dfull

Hi,

i have set up L2TP VPN with PSK Today and i dont know why i cant connect.


I have Windows AD as Authentication Provider added the AD Group to L2TP.  Enabled L2TP with the following config. 




Set up the client with the following Parameters after adding the Tunnel via the GUI.

Set-VpnConnectionIPsecConfiguration -ConnectionName "T40" -AuthenticationTransformConstants None -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2048 -DHGroup Group14 -PassThru -Force

Add-VpnConnectionRoute -ConnectionName "T40" -DestinationPrefix "172.17.2.0/24" 

Following Logs on the FW when i try to connect.

console> show vpn IPSec-logs
2022-02-06 15:28:06Z 28[NET] <317> received packet: from 954.258.192.25[500] to 85.254.354.895[500] (256 bytes)
2022-02-06 15:28:06Z 28[ENC] <317> parsed ID_PROT request 0 [ SA V V V V V V V V ]
2022-02-06 15:28:06Z 28[ENC] <317> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
2022-02-06 15:28:06Z 28[IKE] <317> received MS NT5 ISAKMPOAKLEY vendor ID
2022-02-06 15:28:06Z 28[IKE] <317> received NAT-T (RFC 3947) vendor ID
2022-02-06 15:28:06Z 28[IKE] <317> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2022-02-06 15:28:06Z 28[IKE] <317> received FRAGMENTATION vendor ID
2022-02-06 15:28:06Z 28[ENC] <317> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2022-02-06 15:28:06Z 28[ENC] <317> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2022-02-06 15:28:06Z 28[ENC] <317> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2022-02-06 15:28:06Z 28[IKE] <317> 954.258.192.25 is initiating a Main Mode IKE_SA
2022-02-06 15:28:06Z 28[ENC] <317> generating ID_PROT response 0 [ SA V V V V V ]
2022-02-06 15:28:06Z 28[NET] <317> sending packet: from 85.254.354.895[500] to 954.258.192.25[500] (180 bytes)
2022-02-06 15:28:10Z 17[NET] <318> received packet: from 954.258.192.25[500] to 85.254.354.895[500] (256 bytes)
2022-02-06 15:28:10Z 17[ENC] <318> parsed ID_PROT request 0 [ SA V V V V V V V V ]
2022-02-06 15:28:10Z 17[ENC] <318> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
2022-02-06 15:28:10Z 17[IKE] <318> received MS NT5 ISAKMPOAKLEY vendor ID
2022-02-06 15:28:10Z 17[IKE] <318> received NAT-T (RFC 3947) vendor ID
2022-02-06 15:28:10Z 17[IKE] <318> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2022-02-06 15:28:10Z 17[IKE] <318> received FRAGMENTATION vendor ID
2022-02-06 15:28:10Z 17[ENC] <318> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2022-02-06 15:28:10Z 17[ENC] <318> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2022-02-06 15:28:10Z 17[ENC] <318> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2022-02-06 15:28:10Z 17[IKE] <318> 954.258.192.25 is initiating a Main Mode IKE_SA
2022-02-06 15:28:10Z 17[ENC] <318> generating ID_PROT response 0 [ SA V V V V V ]
2022-02-06 15:28:10Z 17[NET] <318> sending packet: from 85.254.354.895[500] to 954.258.192.25[500] (180 bytes)

ideas? 

Regards



This thread was automatically locked due to age.
  • 0

    Just to be sure: You are not affected by the latest Win10/11 patch, which killed L2TP? 

    __________________________________________________________________________________________________________________

  • 0

    Hi n33dfull,

    Please share the logs for the below command while connecting to L2TP from Windows System.

    console>tcpdump 'port 1701

    console>drop-packet-capture 'port 1701

    console>show vpn configuration 

    console>show vpn L2TP-logs

    console>show vpn IPSec-logs

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Hi Bharat J, Hi LuCar Toni,

    i checked on my end, L2TP Patch isnt installed,  already installed the Fix KB5010795

    No i have the requested Screenshots, while connecting




    before and while connecting

    Connection of IPSec-logs

    My Connection with Special Proposals

    2022-02-07 19:16:05Z 11[NET] <705> received packet: from 954.258.192.25[500] to 34.435.234.432[500] (256 bytes)
2022-02-07 19:16:05Z 11[ENC] <705> parsed ID_PROT request 0 [ SA V V V V V V V V ]
2022-02-07 19:16:05Z 11[ENC] <705> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
2022-02-07 19:16:05Z 11[IKE] <705> received MS NT5 ISAKMPOAKLEY vendor ID
2022-02-07 19:16:05Z 11[IKE] <705> received NAT-T (RFC 3947) vendor ID
2022-02-07 19:16:05Z 11[IKE] <705> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2022-02-07 19:16:05Z 11[IKE] <705> received FRAGMENTATION vendor ID
2022-02-07 19:16:05Z 11[ENC] <705> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2022-02-07 19:16:05Z 11[ENC] <705> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2022-02-07 19:16:05Z 11[ENC] <705> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2022-02-07 19:16:05Z 11[IKE] <705> 954.258.192.25 is initiating a Main Mode IKE_SA
2022-02-07 19:16:05Z 11[ENC] <705> generating ID_PROT response 0 [ SA V V V V V ]
2022-02-07 19:16:05Z 11[NET] <705> sending packet: from 34.435.234.432[500] to 954.258.192.25[500] (180 bytes)

    Connection with Default Windows Config

    2022-02-07 19:16:08Z 05[NET] <706> received packet: from 954.258.192.25[500] to 34.435.234.432[500] (408 bytes)
2022-02-07 19:16:08Z 05[ENC] <706> parsed ID_PROT request 0 [ SA V V V V V V V V ]
2022-02-07 19:16:08Z 05[ENC] <706> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
2022-02-07 19:16:08Z 05[IKE] <706> received MS NT5 ISAKMPOAKLEY vendor ID
2022-02-07 19:16:08Z 05[IKE] <706> received NAT-T (RFC 3947) vendor ID
2022-02-07 19:16:08Z 05[IKE] <706> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2022-02-07 19:16:08Z 05[IKE] <706> received FRAGMENTATION vendor ID
2022-02-07 19:16:08Z 05[ENC] <706> received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
2022-02-07 19:16:08Z 05[ENC] <706> received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
2022-02-07 19:16:08Z 05[ENC] <706> received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
2022-02-07 19:16:08Z 05[IKE] <706> 954.258.192.25 is initiating a Main Mode IKE_SA
2022-02-07 19:16:08Z 05[CFG] <706> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
2022-02-07 19:16:08Z 05[CFG] <706> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048
2022-02-07 19:16:08Z 05[IKE] <706> no proposal found
2022-02-07 19:16:08Z 05[ENC] <706> generating INFORMATIONAL_V1 request 441656758 [ N(NO_PROP) ]
2022-02-07 19:16:08Z 05[NET] <706> sending packet: from 34.435.234.432[500] to 954.258.192.25[500] (56 bytes)



    Regards

  • 0 in reply to n33dfull

    Hi n33dfull 

    It seems the setting has to be fine-tuned from the System end as no traffic is reaching port 1701 on Sophos XG. 

    Try to connect local created user if getting connected or not

    Are you are trying to connect the remote user with VPN ? If yes try Sophos Connect as per the below link to meet your requirement : 

    docs.sophos.com/.../index.html

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Hi ,

    is there anything i missconfigured? Or do you know a solution for what you sad "fine-tuned" where?


    I`m not trying to connect remote user with the L2TP, i just try for myself because we have some SG Users migrating to XG and want to change everything step by step and thats why i may need L2TP and have to figure out how it works and how it have to be setup on a client correctly. 

    Local User also wont work. 

    I think as next step I`ll open a Supportcase. 

    Regards

  • 0 in reply to n33dfull

    Hi n33dfull,

    Please verify services "IKE key generation module and AuthIP" and "IPSEC policy agent" status on Windows 10 ?

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Hi ,

    running and restarted the services. 

    Regards

  • 0 in reply to n33dfull

    Hi  n33dfull 

    Please share the error message you are getting while connecting to L2TP VPN from Windows System.

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML