I've been troubleshooting a Windows VPN server I have set up at a client for the past couple months ever since Apple dropped PPTP support on iOS 10. We originally were using PPTP but I've set up L2TP to replace it. When trying to connect from a Windows client, I get error "789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
I'm running Server 2012 R2 but I tried this fix: https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows-vista-and-in-windows-server-2008
I've also tried rebuilding the VPN server and even trying SoftEther instead.
We have a dedicated public IP address that is routed through a static NAT, here is the ACL:
access-list outside_acl line 107 extended permit esp any host 10.35.101.1 (hitcnt=0) 0x2c3f8508
access-list outside_acl line 108 extended permit udp any host 10.35.101.1 eq 50 (hitcnt=0) 0xfc6bbb30
access-list outside_acl line 109 extended permit tcp any host 10.35.101.1 eq 500 (hitcnt=0) 0x1d987bba
access-list outside_acl line 110 extended permit udp any host 10.35.101.1 eq 4500 (hitcnt=0) 0xc6623026
access-list outside_acl line 111 extended permit tcp any host 10.35.101.1 eq pptp (hitcnt=1176) 0x10485f2b
access-list outside_acl line 112 extended permit udp any host 10.35.101.1 eq 1701 (hitcnt=0) 0xad20745f
access-list outside_acl line 113 extended permit tcp any host 10.35.101.1 eq https (hitcnt=8000) 0x8e44edc0
access-list outside_acl line 114 extended permit tcp any host 10.35.101.1 eq www (hitcnt=7947) 0x3b12b922
access-list outside_acl line 115 extended permit tcp any host 10.35.101.1 eq 5555 (hitcnt=43) 0x10c84c51
access-list outside_acl line 116 extended permit tcp any host 10.35.101.1 eq 1194 (hitcnt=3) 0xb31b3848
access-list outside_acl line 117 extended permit tcp any host 10.35.101.1 eq 992 (hitcnt=25) 0x2a9fc74f
access-list outside_acl line 118 extended permit udp any host 10.35.101.1 eq isakmp (hitcnt=356) 0x169d641a
Am I missing something? Any guidance would be greatly appreciated.
PPTP still works fine.
