Possible cause for a failure to establish the L2TP over IPSec tunnel between the AR and PC running Windows 7 or Windows XP


The system registry may be not modified.
Use Windows 7 as an example. Modify the Windows registry and do not use the digital certificate. The method is as follows:
1. Choose Start > Run and enter regedit to open the registry.
2. Access HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters , and right-click the blank area on the right and choose New > DWORD (32-bit) to generate a new file named New Value #1.
3. Select New Value #1, right-click Rename to rename the file name ProhibitIpSec.
4. Select the ProhibitIpSec file, and right-click file and select Modify.
5. Set Numerical Data to 1 and set Cadinality to 16 hexadecimal in the displayed Edit DWORD�?2-bit�?value dialog box.
6. Restart the PC to make the configuration take effect.

Other related questions:
Method used to establish an IPSec tunnel between the AR and PC
An IPSec tunnel is established between the AR and PC. This example applies to all AR models of V200R002C00 and later versions. For details about the configuration, see "Example for Configuring an IPSec Tunnel for Remote Dial-Up Users to Connect to the Headquarters" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

What are possible causes for L2TP dial-up failures of the AR router
Possible causes for L2TP dialup failures are as follows: - The firewall is configured on the public network or the local PC has the firewall, so L2TP packets are discarded. - When corresponding L2TP port is disabled or occupied, UDP port 1701 is often used. For example, ACL and NAT are configured. - The user name and password of the LAC are incorrect, or no users are specified for the LNS. - The configured address is incorrect. For example, the statically configured address of the VT interface is incorrect. - Tunnel authentication modes are different. - LCP renegotiation is not configured. - The IP address allocation is improper. The IP address pool has a small address range or not configured. - Gateway addresses are not configured in the IP address pool, so gateway addresses are allocated to clients. - There are unreachable routes. - In the L2TP group view, the specified tunnel name at the remote end is incorrect. - The configured authentication domain is incorrect. - L2TP negotiation fails because control packets sent by clients of the local PC do not carry the SQ. - When IPSec encryption is used, the IPSec parameters on the two ends of the tunnel are inconsistent.

L2TP tunnels fail to be established between the AR and the PC running Windows 8
The possible cause is that the PC uses Windows 8. You must add \ before the user name when inputting a user name. The correct input mode is \vpn. Otherwise, a domain name is automatically added before the user name. As a result, login authentication fails. When inputting a user name on PCI, add \ before the user name, for example, \vpn. Then PC1 dialup succeeds.

Problem and solution when the IPSec tunnel cannot be established between the USG6300 and Windows 8 system
The IPSec tunnel established using the Windows 8 dial-up software on the USG6000 is interrupted at a certain interval. You can use other VPN tunnels, such as L2TP.

Can the CDR server of the U1960 be installed on a PC that runs the Windows 7 operating system?
The CDR server used in the UC solution cannot be deployed on the Windows 7 operating system. In the UC1.1, UC2.2, and UC2.3 solutions, the CDR server needs to be deployed on the Windows Server 2008 operating system. In the UC3.0 solution, the CDR server can be deployed on the Windows Server 2012 operating system.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top