Re: VPN behind NAT



Did you find a solution for your problem?
I'm interested in this solution, I have the same config:
Client VPN/IPSec -- INTERNET -- NAT Router -- ISA Server -- LAN
I use my NAT/Router public address as the VPN server address and it doesn't work,
but no problem if I configure my NAT/Router as a bridge (in this case the ISA
external address becomes my public address).
Many thanks

"fund_cebi" wrote:

Thank you for the reply.
The client is an XP-SP2. I’ve already made the change to the registry in
KB885407, tried values 1 and 2. Currently set to 1.
VPN-Pass-through is enabled on the NAT/Firewall. Have not changed any other
setting for protocol 50/ESP, didn’t seem necessary!
If of any help, the connection fails with time-out negotiating security.

Thanks for further help


"Claus Greck [MVP]" wrote:

Which client? Which SP?

For XPSP1 and 2000 you need to download a special Update which is not
delivered through SUS/WSUS:
http://support.microsoft.com/kb/818043/en-us

For XPSP2 this Update is already installed, you then need to set a registry
key:
http://support.microsoft.com/kb/885407/en-us


Besides this, the router has to be open for protocol No. 50, ESP, (NOT port
50!!). You have not said that you did this. BTW, the settings for protocol
50 depend on the configuration the menu in the router is offering. Within
high-end routers you often have to configure ESP or protocol 50, in low-cost
routers you often have to check a setting like "IPsec" or "L2TP/IPSec" or
just "VPN-Passthrough".


Greetings

Claus Greck
[MVP - Server Directory Services]



"fund_cebi" <fundcebi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:54A2257B-D01C-47FD-9099-CF40E72791E8@xxxxxxxxxxxxxxxx
I’m trying to set up an L2TP/IPSec VPN to my private network behind a NAT
Router/Firewall.
I’m using ISA2004, on Windows 2003, as RAS.
I’ve opened ports 500, 4500 and 1701 on the NAT Router.
Before going on-line, I’ve tested the ISA configuration by connecting a
client PC to the external LAN of the ISA server and it works fine. When I
try to connect from the “outside world” the VPN does not work.
Logs on the ISA show a successful connection to port 500 each time we try
to connect but no attempt on any other port.
I guess something is going wrong with NAT-T but I cannot find out what!
I’ve gone to a lot of MS-KB articles and double-checked every
configuration, still cannot get the VPN to work.
Any help on this matter would be much appreciated!!!
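
Added example, not part of any post in this thread: a small log triage that reports, per client, how far an L2TP/IPsec negotiation got (UDP 500 only, switch to UDP 4500, or raw ESP), which is the distinction the posts above turn on. The log line format, the verdict names and the addresses are assumptions constructed for illustration and are not ISA Server's real log layout.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical "PROTO src[:port] -> dst[:port] ACTION"
# format (not ISA Server's real log layout); addresses are documentation ranges.
SAMPLE_LOG = """\
UDP 198.51.100.7:500 -> 192.0.2.10:500 ALLOW
UDP 198.51.100.7:500 -> 192.0.2.10:500 ALLOW
UDP 203.0.113.9:500 -> 192.0.2.10:500 ALLOW
UDP 203.0.113.9:4500 -> 192.0.2.10:4500 ALLOW
UDP 203.0.113.44:500 -> 192.0.2.10:500 ALLOW
ESP 203.0.113.44 -> 192.0.2.10 DENY
"""

LINE = re.compile(
    r"^(UDP|ESP)\s+([\d.]+)(?::\d+)?\s+->\s+[\d.]+(?::(\d+))?\s+(ALLOW|DENY)$")
UDP_KINDS = {"500": "ike", "4500": "natt"}  # L2TP (1701) rides inside IPsec, so it is ignored

def stages_by_client(log_text):
    """Return {client_ip: {(kind, action), ...}} for IKE, NAT-T and ESP traffic."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        proto, src, dport, action = m.groups()
        kind = "esp" if proto == "ESP" else UDP_KINDS.get(dport)
        if kind:
            seen[src].add((kind, action))
    return seen

def diagnose(stages):
    """Name the furthest point one client's negotiation reached."""
    if ("ike", "ALLOW") not in stages:
        return "no_ike"              # UDP 500 never arrived
    if ("natt", "ALLOW") in stages:
        return "natt_ok"             # peers switched to UDP 4500
    if ("natt", "DENY") in stages:
        return "udp4500_blocked"
    if ("esp", "DENY") in stages:
        return "esp_blocked"         # raw protocol 50 sent but dropped
    if ("esp", "ALLOW") in stages:
        return "raw_esp"             # no NAT-T in use, ESP passes
    return "stalled_after_500"       # the symptom in the original post

def triage(log_text):
    return {ip: diagnose(s) for ip, s in stages_by_client(log_text).items()}

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, verdict)
```

A "stalled_after_500" verdict only says that nothing beyond UDP 500 reached the logging device; the posts above name the client registry setting from KB885407 and the router's handling of protocol 50 as the things to check next.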