IPSec S2S with x509 interferes with L2TP/IPSec RUA?


#1

I’ve got a B210 hw3 running fw 7.0.0. It has a mix of S2S IPSec, SpeedFusion, and remote user L2TP/IPSec. The ordinary IPSec tunnel uses x509 in aggressive mode because only the head office has a static IP available.

Some RUA users complain that Windows 7 gives them VPN errors 789 and 810. It seems that both these messages have to do with authentication.

I believe that this somehow interferes with remote user access because they use local accounts and a pre-shared key. I believe that the IPSec service has some sort of conflict because it cannot listen for both the PSK of RUA users as well as the certificate from the S2S client. This is further evidenced because no RUA users experience any connectivity issues when the IPSec S2S tunnel is fully disabled.

Can a Peplink rep confirm that there could be a “listening” conflict when both S2S x509 and RUA with local accounts and PSK are running simultaneously? Is a possible workaround to force S2S to use an alternate port?


#2

May I know whether all the affected clients are Windows-based machines? Are the clients connected from the same place?

I would suggest opening a ticket for us to take a closer look.


#3

Yes, they were. We have mitigated the problem by just using SpeedFusion everywhere instead.
I don’t really have time to pursue this anymore. I am simply going to abandon this problem. :zipper_mouth_face: