[VPN] Request: Need PIX Recipe for WinXP L2TP/IPSEC

Engelhard M. Labiro engelhard at ieee.org
Tue May 25 06:55:53 EDT 2004


Hi Stacy,

The Win XP L2TP/IPSec client is using ESP in "TRANSPORT" mode not
"TUNNEL" mode.
Try changing the Phase2 ESP policy to transport mode.

Best Regards,


On Mon, 24 May 2004 23:55:04 -0700
Stacy Purcell <spurcell at covad.net> wrote:

> Does anyone have a working example of a PIX config that works with WinXP 
> L2TP/IPSEC clients that they can share?
> 
> I'm working with a PIX 501 that has the DES/3DES/AES license.
> 
> Using the WinXP VPN client GUI config, I can initiate the connection and 
> it passes the authentication step in quick mode, but hangs on the next 
> ISAKMP step where they try to agree on the encryption parameters. It 
> complains about "invalid transforma proposal flags -- 0x200" or says 
> "transform proposal not supported".
> 
> I also tried unsuccessfully to configure the WinXP side from scratch 
> using the IPSEC policies but I can't even get the box to do IKE when I 
> have the policy installed.
> 
> A PIX example with a brief description of how you config the WinXP 
> clients would be very helpful. :)
> 
> Thanks,
> Stacy Purcell
> 
> 
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn

--
エンゲルMラビロ <eng3lhard at hotmail.com>
東京都練馬区錦1丁目6-8
携帯:090-5578-9364
電話:03-5398-8604





More information about the VPN mailing list