I’m getting a very weird set of log entries from configuration I have used quite a bit in the past. It’s clearly something with NAT traversal, and while the L2TP server has NAT running on it, the IPSEC interface is not behind it.
The VPN configuration:
The messages that follow the INVALID_MESSAGE_ID are all of this form: "remote-access-mac-zzz" 184.108.40.206:4500 #4: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xa609e4a1 (perhaps this is a duplicated packet)
How can I provide more information and learn how to solve this?
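One way to turn the raw pluto log lines quoted above into something more informative is to parse them and count, per IKE state (#N) and peer, how many times each rejected Message ID recurs. The example below is added here and is not from the original post or from any VPN project; the log lines inside it are constructed to match the format quoted above (the INVALID_MESSAGE_ID and "ISAKMP SA established" lines are assumed wording, not taken from the poster's log). A single Message ID repeating is consistent with the daemon's own "duplicated packet" hint (a retransmit of one Quick Mode I1), whereas many distinct IDs being rejected in a row means each new Quick Mode attempt is failing, which is a different problem.

```python
import re
from collections import Counter

# Matches the body of a pluto-style line as quoted in the post:
#   "<connection name>" <peer ip>:<port> #<state>: <message>
# re.search is used so any syslog prefix (timestamp, host, pluto[pid]:) is ignored.
LOG_RE = re.compile(
    r'"(?P<conn>[^"]+)"\s+(?P<peer>[0-9.]+):(?P<port>\d+)\s+#(?P<state>\d+):\s+(?P<msg>.*)$'
)
MSGID_RE = re.compile(r"Message ID (0x[0-9a-f]+)", re.IGNORECASE)

# Constructed sample log (not real captured data). Line 1 wording is an assumption;
# lines 2 and 3 copy the message quoted in the post; line 4 is an unrelated
# Main Mode line and line 5 is a non-pluto line, both of which should be skipped.
SAMPLE_LOG = [
    'Mar  1 10:00:01 router pluto[2231]: "remote-access-mac-zzz" 184.108.40.206:4500 #4: '
    'ignoring informational payload INVALID_MESSAGE_ID',
    'Mar  1 10:00:02 router pluto[2231]: "remote-access-mac-zzz" 184.108.40.206:4500 #4: '
    'Quick Mode I1 message is unacceptable because it uses a previously used Message ID '
    '0xa609e4a1 (perhaps this is a duplicated packet)',
    'Mar  1 10:00:04 router pluto[2231]: "remote-access-mac-zzz" 184.108.40.206:4500 #4: '
    'Quick Mode I1 message is unacceptable because it uses a previously used Message ID '
    '0xa609e4a1 (perhaps this is a duplicated packet)',
    'Mar  1 10:00:00 router pluto[2231]: "remote-access-mac-zzz" 184.108.40.206:4500 #4: '
    'STATE_MAIN_R3: sent MR3, ISAKMP SA established',
    'Mar  1 10:00:05 router kernel: unrelated message',
]


def classify(msg):
    """Bucket a pluto message into the two symptoms discussed in the post."""
    if "previously used Message ID" in msg:
        return "dup_msgid"
    if "INVALID_MESSAGE_ID" in msg:
        return "invalid_msgid"
    return "other"


def parse_line(line):
    """Return a dict with conn, peer, port, state, msg, msgid, kind; None if not a pluto line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["state"] = int(rec["state"])
    mid = MSGID_RE.search(rec["msg"])
    rec["msgid"] = mid.group(1).lower() if mid else None
    rec["kind"] = classify(rec["msg"])
    return rec


def summarize(lines):
    """Group rejections by (connection, peer:port, state number).

    Each entry records how many INVALID_MESSAGE_ID notifications were seen and a
    Counter of how often each rejected Message ID recurred.
    """
    summary = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["kind"] == "other":
            continue
        key = (rec["conn"], f'{rec["peer"]}:{rec["port"]}', rec["state"])
        entry = summary.setdefault(key, {"invalid_msgid": 0, "dup_msgids": Counter()})
        if rec["kind"] == "invalid_msgid":
            entry["invalid_msgid"] += 1
        else:
            entry["dup_msgids"][rec["msgid"]] += 1
    return summary


def triage(summary):
    """One verdict per SA: the same ID repeating looks like a retransmitted packet,
    several distinct IDs means successive Quick Mode attempts are each being rejected."""
    verdicts = {}
    for key, entry in summary.items():
        ids = entry["dup_msgids"]
        if not ids:
            verdicts[key] = "invalid_msgid_only"
        elif len(ids) == 1:
            verdicts[key] = "one_id_repeated"
        else:
            verdicts[key] = "several_ids_rejected"
    return verdicts


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key, verdict in triage(s).items():
        conn, peer, state = key
        print(f"{conn} {peer} #{state}: {verdict}; "
              f"INVALID_MESSAGE_ID x{s[key]['invalid_msgid']}, "
              f"rejected IDs {dict(s[key]['dup_msgids'])}")
```

Run it against the real log (for example by reading `/var/log/messages` or the output of `journalctl -u pluto`, both of which are assumptions about where the daemon logs on a given system) to see whether the rejected IDs are one value repeating or a stream of different ones; that distinction, together with the peer address:port the lines carry, is the extra information worth including in a follow-up.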
Hi @16again, 192.168.1.25 is the natted address of 220.127.116.11 (whatever random public address it got from Comcast). 173.x.x.118 is the address of the ethernet port for the router. vti1 is also on that address, which serves a separate point-to-point VPN.
Do you think that the vti might be intercepting the traffic that is intended for the L2TP? I wonder if it might help to create a separate IP address that is just for the L2TP?