IPSEC VPN NAT

From: "Alex" <nospam@xxxxxxxxx>
Date: Mon, 14 Aug 2006 14:10:19 +0200

Hello,

we implemented a VPN solution which uses the L2TP/IPSEC protocoll. The ISA
Server (ISA 2006 W2K3) is directly attached to the Internet (without NAT).
Clients use the VPN without problems, even over a NAT Device.

But if there are multiple clients (XP SP2) behind the same NAT-Device
(client side) the second client gets no connection. We also tried different
DSL-Routers with features like IPSEC-Passthrough. But there is no different
behaviour if this feature is turned off or not. (I think this feature is
only usefull for Clients that could not use the NAT-T protocol).

Is there a known restriction in the IPSec NAT-T protocoll, which would
explain that only one connection is possible over the same NAT device???

A.

.

Follow-Ups:
- Re: IPSEC VPN NAT
  - From: Julian Dragut

Prev by Date: Re: MSN Connection Failure Cause of ISA-Firewall
Next by Date: Re: I can't see my web page
Previous by thread: MSN Connection Failure Cause of ISA-Firewall
Next by thread: Re: IPSEC VPN NAT
Index(es):
- Date
- Thread

Relevant Pages

NAT IPSEC VPN
... we implemented a VPN solution which uses the L2TP/IPSEC protocoll. ... Clients use the VPN without problems, even over a NAT Device. ... But if there are multiple clients behind the same NAT-Device ... Is there a known restriction in the IPSec NAT-T protocoll, ...
(microsoft.public.isa)
Re: Open ports.
... Cayman 3546 broadband router with a 4 port switch. ... actually 3 clients sharing one office suite. ... The peer-to-peer clients connect to the domain network using VPN to ... NAT device and put it between the Cayman and the domain. ...
(comp.security.firewalls)
Re: Inbound connections limit in Windows XP
... what if you place an accelerator proxy or a NAT device between ... > the clients and your box? ... > XP box as a productive server. ... so anonymous inbound TCP connections would not appear to be counted then? ...
(borland.public.delphi.non-technical)
multiple VPN Clients (L2TP) behind a NAT device connects to ISA server 2004
... We have an ISA server 2004 and we use it to terminate our VPN ... even when clients are behind NAT devices. ... Is this a limitation on the ISA 2004 EE server, limitation on the L2TP ipsec ... What specification must the Nat device then have? ...
(microsoft.public.isa.vpn)
Error 718, users cant authenticate
... I've had a VPN solution for my remote users for several years, ... Client machines can successfully ping the server's public ip address. ... Clients can initiate the connection successfully but the process stalls at ...
(microsoft.public.isa.vpn)