L2TP and IPSEC

Art · November 10, 2006, 12:59pm

I’ve problem with L2TP and IPSEC

L2TP is configured good
but IPSEC after reboot does not working i must disable it and enable then is working

my config

[admin@Aprouter] ip ipsec peer> export
# nov/10/2006 13:56:15 by RouterOS 2.9.35
# software id = M0DH-FT0
#
/ ip ipsec peer 
add address=192.168.200.0/24:500 secret="xxxxxxxxx..." generate-policy=yes exchange-mode=main send-initial-contact=yes \
    proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 disabled=no 
[admin@Aprouter] ip ipsec peer>

any sugestions why it working like that?

andrewluck · November 10, 2006, 3:47pm

Start by logging IPSEC events at both ends of the link. That should give you a few clues.

Regards

Andrew

Art · November 10, 2006, 4:21pm

one side is Win XP and notching is coming to log on mt

andrewluck · November 10, 2006, 6:38pm

You need to turn on IPSEC logging on the MT.

Also, this MS article:

http://support.microsoft.com/kb/314831

Also:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_ipsec_tools.mspx?mfr=true

Regards

Andrew

Art · November 14, 2006, 9:10am

logs says nothing …

still canot connect after reboot
when i disable and enable ip address on ethernet then all is working ok

Solution:

i just added a script on startup do disable and enable ip address
and it works ok for now