Re: Can't get L2TP VPN working with NAT...PPTP works fine



This is insane. I can't believe that Microsoft can't get this to work.
My wife uses a VPN client over the same network connection that I use.
She uses VPN1 and, while I am not 100% sure, I would guess she uses IPSEC
because she works for a large organization that is big on security.
This is a joke. I'll just buy a VPN appliance so I can get back to
work and not have to continue playing with this mickeymouseware.

Kurt wrote:
Ned wrote:
I can only connect to my L2TP vpn if my home pc (XP sp2 with nat-t
registry edit) has a public ip address. I had the same problem when I
was at XP sp1. The second I put my pc behind a router with nat (netgear
fwag114) I get a timeout. PPTP works just fine either way (nat or
public ip)

At work I have a Windows 2003 server with the latest service pack
behind a cisco 2600 router without NAT. The server has a public IP
address on its external nic and a private IP on the internal nic. The
external nic has a default gateway pointing to the cisco router and the
internal nic has static routes for my lan. I am using PSK with l2tp.

I have tried everything and I need to have this working tomorrow. Has
anyone gotten this to work? Am I missing something?

I have never got L2TP to work through a NAT. Some routers provide "NAT
Traversal" that is supposed to work, but I've never tried one. Even so,
you'd have to be able to guarantee one of those routers be available
everywhere you're connecting from. If this is for road warriors, I'd
stick with PPTP. If this is for a fixed remote site, go with a hardware
IPSec solution.

I'm not any kind of authority here; if someone else knows how to
"dummy-down" the header authentication so that it will work through a
NAT, I'd like to know.

...kurt
