Please, this is the third post i made over this subject, if anyone can please help me, i´ll be thanksfull.

I need to configure L2TP/IPSEC to work whit remote clients, that are in different location and whit differen IP address. The IP adresses are unknown and can change at any time.

I have try L2TP/IPSEC whit static peers and work great, but can´t make it work when the peer is unknown.

There is a setting in ISAKMP for "generate-policy=yes"

Regards

Andrew

Thanks a lot for the answer, but i already try the "generate-policy=yes"
and works fine only if the peer has a known ip address.
I need to make IPSEC work for unknown address of remote peers.

This is what "generate-policy=yes" does. Make sure you specify the client IP address as 0.0.0.0. Subnet mask is either /0 or /32, I can't remember which.

Regards

Andrew

andrewluck, thanks a lot for the answer, it works ok with the /0 that was the mistake.

Now i receive 4 o 5 IPSec Warnings - Incoming packet with unknown SPI and a info message with: ipsec no a found: proto=esp spi=4100391946 src=xx.xx.xx.xx dst=xx.xx.xx.xx

Some times it conects and some time not, i only have to retry 2 or 3 times anthen it conects OK.

I´using windows VPN client, i don´t know which other client can use.

Not much to go on there.

Check the IKE logs to see if anything is going wrong.

Also, you might try turning on ipsec logging on the windows client to see if that gives any clues.

Regards

Andrew