Re: Can't get L2TP VPN working with NAT...PPTP works fine
- From: Kurt <kurtl@xxxxxxxxxxxxxxxxx>
- Date: Sun, 10 Dec 2006 17:52:18 -0800
Ned wrote:
This is insane. I can't believe that Microsoft can't get this to work.It's not Microsoft thing. It's an L2TP thing. Think about it - L2TP requires an authentication header for both the "phase 1" and "Phase 2" portions. This provides great security, but means that the outer layer of encapsulation must not be tampered with. What does NAT do? It alters the header. That's how it works. So the two would seem to be incompatible. IPSec can be used with or without L2TP (tunnel mode vs transport mode). Odds are your wife's VPN is not over an L2TP tunnel. Besides L2TP requires a certificate where IPSec can use just a shared secret. As far as Microsoft goes, their tunneling protocols work just fine although a bit too slow for me. But if you put your hardware tunneling device behind a NAT, it wouldn't work any better than the MS one.
My wife uses a VPN client over the same network connection that I use.
She uses VPN1 and while I am not 100% sure I would guess she uses IPSEC
because she works for a large organization that is big on security.
This is a joke. I'll just buy a vpn appliance so I can get back to
work and not have to continue playing with this mickeymouseware
Kurt wrote:Ned wrote:I can only connect to my L2TP vpn if my home pc (XP sp2 with nat-tI have never got L2TP to work through a NAT. Some routers provide "NAT
registry edit) has a public ip address. I had the same problem when I
was at XP sp1. The second I put my pc behind a router with nat (netgear
fwag114) I get a timeout. PPTP works just fine either way (nat or
public ip)
At work I have a Windows 2003 server with the lastest service pack
behind a cisco 2600 router without NAT. The server has a public IP
address on its external nic and a private IP on the internal nic. The
external nic has a default gateway pointing to the cisco router and the
internal nic has static routes for my lan. I am using PSK with l2tp.
I have tried everything and I need to have this working tomorrow. Has
anyone gotten this to work? am I missing something?
Traversal" that is supposed to work, but I've never tried one. Even so,
you'd have to be able to guarantee one of those routers be available
everywhere you're connecting from. If this is for road warriors, I'd
stick with PPTP. IF this is for a fixed remote site, go with a hardware
IPSec solution.
I'm not any kind of authority here, if someone else knows how to
"dummy-down" the header authentication so that it will work through a
NAT, I'd like to know.
...kurt
....kurt
.
- Follow-Ups:
- References:
- Prev by Date: Re: Configured Modem Unusable Unless Switched On At Boot-time ?
- Next by Date: Re: Internet and intranet domain name - problem with dns!
- Previous by thread: Re: Can't get L2TP VPN working with NAT...PPTP works fine
- Next by thread: Re: Can't get L2TP VPN working with NAT...PPTP works fine
- Index(es):
Relevant Pages
|
