Server 2012 VPN using L2TP

3 replies to this topic

#1 finsfree


  • Members
  • 1 posts
  • Local time:08:33 PM

Posted 09 September 2017 - 10:11 AM



I am trying to set up a Windows Remote Access Server for VPN clients. At first I was in a lab environment and everything was working fine. My Windows 7 client connected.


Now I want to come in from the WAN side (outside). I have yet to make a connection.


What I have done so far:

  • Installed the Remote Access role on a Server 2012
  • Added the server to a domain
  • In Active Directory Users and Computers, changed the property settings in the Dial-in tab to "allow access" for each user.
  • Created the preshared key
  • Opened ports 500, 1701, 4500 on my SOHO firewall

The error I am receiving is, "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."






#2 sflatechguy


  • BC Advisor
  • 2,255 posts
  • Gender:Male
  • Local time:07:33 PM

Posted 17 September 2017 - 12:50 PM

Could be a certificate or pre-shared key error. If you are using PSKs, make sure they are the same on both the client and the server. If you are using certificates, make sure you are using the same cert. Also make sure the machine certificate is trusted, and the Extended Key Usage for the machine cert is set to use Server Authentication.

#3 dlynch121


  • Members
  • 1 posts
  • Local time:01:33 AM

Posted 19 September 2017 - 08:02 AM

Could be the NAT-T issue - I didn't think Windows 7 was affected but I could be wrong as it would make sense considering you can connect from the LAN. Definitely worth a try.




Article specifies Vista/2008 but the keys are all the same.


I've had to change this key in the past to get L2TP VPN clients working when the server is behind a NAT device. I know Windows 10 is affected and requires this; possibly 7 does too?

Edited by dlynch121, 19 September 2017 - 08:04 AM.

#4 Sneakycyber


    Network Engineer

  • BC Advisor
  • 6,133 posts
  • Gender:Male
  • Location:Ohio
  • Local time:07:33 PM

Posted 25 September 2017 - 10:33 AM

You need to open Port 50 in your firewall. 

For L2TP:

  • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
  • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
  • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path

Chad Mockensturm 
Network Engineer
Certified CompTIA Network+, A+
