Technical Tip: FortiOS - Resolving L2TP IPSec connection issues when using Windows 7
Description
A remote Windows 7 L2TP IPSec user may receive the following error message when trying to make a connection:
Error: 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".
This article explains a possible cause of this error message and how to configure the FortiGate to prevent it from occurring.
Scope
All FortiOS users with Windows 7 clients
Solution
The Windows 7 quick mode implementation requires that the lifetime proposal match the locally configured values. The default values on a Windows 7 OS for the lifetime proposal are 3600s/250000kbps.
To match these values on the FortiGate, configure the following parameters in the IPSec phase 2 settings:
config vpn ipsec phase2
    edit "dialup_lt2p_phase2"
        set keylife-type both
        set keylifekbs 250000
        set keylifeseconds 3600
    next
end
