Re: VPN behind NAT



Which Client? which SP?

For XPSP1 and 2000 you need to download a special Update which is not delivered through SUS/WSUS:
http://support.microsoft.com/kb/818043/en-us

For XPSP2 this Update is already installed, you then need to set a registry key:
http://support.microsoft.com/kb/885407/en-us


Beside this, the router has to be open for protocol No. 50, ESP, (NOT port 50!!). Sou haven not said that you did this. BTW, the settings for protocol 50 depends on the configuration the menu in the router is offering. Within high end router you often have to configure ESP or protocol 50, is low cost router you often have to check a setting like "IPsec" oder "L2TP/IPSec" or just "VPN-Passthrough".


Greetings

Claus Greck
[MVP - Server Directory Services]



"fund_cebi" <fundcebi@xxxxxxxxxxxxxxxxxxxxxxxxx> schrieb im Newsbeitrag news:54A2257B-D01C-47FD-9099-CF40E72791E8@xxxxxxxxxxxxxxxx
I’m trying to set up a L2TP/IPSec VPN to my private network behind a NAT
Router/Firewall
I’m using ISA2004, on Windows 2003, as RAS.
I’ve opened ports 500, 4500 and 1701 on the NAT Router.
Before going on-line, I’ve tested the ISA configuration by connecting a
client PC to the external LAN of the ISA server and it works fine. When I try
to connect from the “outside world” the VPN does not work.
Logs on the ISA show a successful connection to port 500 each time e try to
connect but no attempt on any other port.
I guess something is going wrong with NAT-T but I cannot find out what!
I’ve gone to a lot of MS-KB articles and double-checked every configuration,
still cannot get the VPN to work.
Any help on this mater would be much appreciated!!!


.



Relevant Pages

  • Re: Unable to make VPN connection to ISA 2006 Standard
    ... After todays work I conclude this has to be an ISA problem. ... server and used the same ADSL connection, router, client etc and was able to ... make an incoming connection direct to RRAS on this machine with absolutely no ...
    (microsoft.public.isa.vpn)
  • Re: port forwarding (rerouting) with isa server.
    ... adress (in the appliction software on the client pc)where the clients have ... This is a problem for portable users which have to access the isa ... server from within the internal network aswell from the internet. ... exteral ip of the router), but as i told it is a problem with portable users ...
    (microsoft.public.isa)
  • Re: Unable to make VPN connection to ISA 2006 Standard
    ... server and used the same ADSL connection, router, client etc and was able to ... make an incoming connection direct to RRAS on this machine with absolutely no ... When I reinstalled ISA it also worked and I even got site to site ...
    (microsoft.public.isa.vpn)
  • Re: NICs configuration
    ... the subnet between the router and SBS (with or without ISA) ... is transparent to a VPN client. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 behind PIX problems
    ... but it might have been a dhcp client with the assigned ip and gateway. ... I suppose you'd have to redirect all traffic from the 'router' to ... realies on physically requiring all traffic to go thru ISA Server. ... > NAT Devices,...they are not capable of doing any "internal routing". ...
    (microsoft.public.isa.configuration)