Re: VPN behind NAT



Which Client? which SP?

For XPSP1 and 2000 you need to download a special Update which is not delivered through SUS/WSUS:
http://support.microsoft.com/kb/818043/en-us

For XPSP2 this Update is already installed, you then need to set a registry key:
http://support.microsoft.com/kb/885407/en-us


Beside this, the router has to be open for protocol No. 50, ESP, (NOT port 50!!). Sou haven not said that you did this. BTW, the settings for protocol 50 depends on the configuration the menu in the router is offering. Within high end router you often have to configure ESP or protocol 50, is low cost router you often have to check a setting like "IPsec" oder "L2TP/IPSec" or just "VPN-Passthrough".


Greetings

Claus Greck
[MVP - Server Directory Services]



"fund_cebi" <fundcebi@xxxxxxxxxxxxxxxxxxxxxxxxx> schrieb im Newsbeitrag news:54A2257B-D01C-47FD-9099-CF40E72791E8@xxxxxxxxxxxxxxxx
I’m trying to set up a L2TP/IPSec VPN to my private network behind a NAT
Router/Firewall
I’m using ISA2004, on Windows 2003, as RAS.
I’ve opened ports 500, 4500 and 1701 on the NAT Router.
Before going on-line, I’ve tested the ISA configuration by connecting a
client PC to the external LAN of the ISA server and it works fine. When I try
to connect from the “outside world” the VPN does not work.
Logs on the ISA show a successful connection to port 500 each time e try to
connect but no attempt on any other port.
I guess something is going wrong with NAT-T but I cannot find out what!
I’ve gone to a lot of MS-KB articles and double-checked every configuration,
still cannot get the VPN to work.
Any help on this mater would be much appreciated!!!


.