Cannot Connect to RB2011UiAS using L2tp/IPsec

RouterOS General
1

Hi,
When trying to connect to an RB2011UiAS using L2tp/IPsec from a win7 client inside the LAN, log displays:

07:57:02 ipsec,info respond new phase 1 (Identity Protection): 99.237.72.210[500]<=>192.168.25.24[500]
07:57:02 ipsec,error no suitable proposal found.
07:57:02 ipsec,error 192.168.25.24 failed to get valid proposal.
07:57:02 ipsec,error 192.168.25.24 failed to pre-process ph1 packet (side: 1, status 1).
07:57:02 ipsec,error 192.168.25.24 phase1 negotiation failed.


/ip ipsec proposal
Flags: X - disabled, * - default 
 0  * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-256-ctr,3des lifetime=30m pfs-group=none




 /interface l2tp-server server> print 
             enabled: yes
            max-mtu: 1450
            max-mru: 1450
               mrru: disabled
     authentication: mschap2
  keepalive-timeout: 30
       max-sessions: 3
    default-profile: l2tp-in
          use-ipsec: yes
       ipsec-secret: XxXxXxXxXxX
    allow-fast-path: yes
          use-ipsec: yes




/ppp profile
 1   name="l2tp-in" local-address=192.168.25.1 remote-address=ipsec-rw remote-ipv6-prefix-pool=*0 use-ipv6=no use-mpls=default 
     use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=no address-list="" 
     dns-server=192.168.25.1 wins-server=192.168.25.252 on-up="" on-down="" 

[code]/ip firewall filter> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" 

 2    chain=forward action=accept connection-state=established,related log=no log-prefix="" 

 3    chain=input action=drop protocol=tcp in-interface=ether1 dst-port=80 log=no log-prefix="" 

 4    chain=input action=add-src-to-address-list connection-limit=100,32 protocol=tcp address-list=limits address-list-timeout=1d 
      log=no log-prefix="" 

 5    chain=input action=tarpit connection-limit=3,32 protocol=tcp src-address-list=limits log=no log-prefix="" 

 6 XI  ;;; SYN Flood protect
      chain=forward action=jump jump-target=SYN-Protect tcp-flags=syn connection-state=new protocol=tcp log=no log-prefix="" 

 7    chain=SYN-Protect action=accept tcp-flags=syn connection-state=new protocol=tcp limit=400,5 

 8    chain=SYN-Protect action=drop tcp-flags=syn connection-state=new protocol=tcp 

 9    chain=input action=accept connection-state=new protocol=udp in-interface=ether1 dst-port=500,1701,4500 log=no log-prefix=""
2

Check your windows client. The default for L2tp/ipsec in the security tab Advanced Settings is: Use Certificate for Authentication. Change that to: Use Pre-shared key for authentication and the enter your password in the Key: field.