I am trying to configure a RB to log on as a VPN client to a MS server (presumably ISA) using l2tp/ipsec, basically emulating a standard Windows-XP client. The Windows-client logon just fine, so I know it works on the server side.

I first started by setting up the ipsec layer. On the first connect I saw in the ROS log that the MS server wants Hash=sha, Encryption=3des and DH=modp768.
After setting this in my peer config, it continues to trying to logon. But then I just get the 'Invalid length of payload' error that I see that many people have received when using the Routerboard as a l2tp/ipsec server.
I haven't even configured any l2tp client yet, since I assume the ipsec layer must be established first..?

I have tried several different configs, but can not get passed this error and am benning do doubt that they are compatible..
I have no access to the server, so I can't see what is going on there, but as I said it works fine to connect to it using a standard Win-XP client..

Before I get on.. has anyone managed to connect a RB as a l2tp/ipsec client against a MS ISA server this way..?
Is it supposed to work?