
U200-A L2TP

Breuk230
Occasional Contributor


Hi,

Currently working with a U200-A and trying to get L2TP running. I'm not getting an active connection. In the security policy I see the L2TP connection entering the U200 on the untrust zone to local zone. The policies allow the L2TP and I see the session in the session table, but it is not getting active.

I configured this according to the documentation. Configured a local user for user access but this didn't help.

I'm using software version 5.20 feature 5128P01, because SSL-VPN is also needed for this customer.

I'm using Windows 7 but it seems that only IPsec is possible with this. I also used Vista, XP and iPad but all with the same results.

Has anyone worked with L2TP before? If so, can you share how to configure it and how to configure Windows?

Thanks in advance.

Regards, André

1 REPLY 1
Manfri
Frequent Advisor

Re: U200-A L2TP

I use the iNode client, which you can obtain by downloading the iNode management center and creating a customized setup:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=4177945&prodTypeId=12883&objectID=c02602433

The config I used was this:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=5061731&prodTypeId=18964&objectID=c03093836

even without the certificate setup...

I had this strange problem though: having a complex network (many private subnets), I set up a route in the firewall for all the private networks towards the private WAN router, and this breaks L2TP in a strange way.

After connecting IPsec, the L2TP engine sends L2TP packets TO THE IP OF THE CLIENT BEFORE THE NAT!!! (and you will find the packets using Wireshark on the TRUST INTERFACE).

Disabling this route (so that all the packets go to the UNTRUST), the firewall fixed the packets and the L2TP goes up...

I ended up trying to force the routing of L2TP packets to the untrusted, re-enabling the private network routing, and it seems to be working (but I haven't had feedback from support).

If you have a private network that overlaps the private network of the client, the L2TP connection, without this trick, does not go up!!!