Re: Windows 2003 Server NAT not allowing IPSEC to go through.

From: Sharoon Shetty K [MSFT] (sharoons_at_online.microsoft.com)
Date: 04/07/04 

Date: Wed, 7 Apr 2004 10:46:22 +0530

Also check if the UDP ports 1701, 4500 [NAT-T] are also opened. 

-- 
Thanks
Sharoon
sharoons@online.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights.
"William Gault" <billgault@hotmail.com> wrote in message
news:3F9ACF04-0E91-4444-B89D-A5CB4CBBF2AE@microsoft.com...
> Hopefully someone will have some insight into this problem...
>
> I'm at a site with a basic Windows 2003 Server Standard install which has
NAT running on it, with the statically assigned internet on one NIC, and the
network on the other NIC.
>
> All client systems can properly access the internet (web, ICQ, email, etc)
except for field engineers coming from another company, attempting to
connect to their server using IPSec.
>
> It's a basic install with no extras turned on, firewalls disabled on the
NIC and in NAT, no packet filtering on the NIC or in NAT...
>
> The clients are using Nortal Extranet that connects through IPSec (their
documentation asks that IP Port 50, UDP Port 500 and UDP Port 2001 be
opened). It's my understanding that NAT will correctly relay this
information without any issues?
>
> I connected one of the clients directly into our internet connection and
successfully connected to the end computer, so the problem is definitely
something on the server.
>
> Also, I was able to set this same configuration up through NAT last year
on a similar server running Windows 2000 Server (for the same clients)
without any issues using the same information.
>
> Any help or suggestions would be appreciated. Thanks in advance...

Relevant Pages

  • Re: natting in win2000
    ... The normal operation of NAT is to use the NAT router ... as its own DHCP-type allocator and to use the NAT router as a DNS relay. ... local DNS server. ... will give the clients the wrong DNS address. ...
    (microsoft.public.win2000.ras_routing)
  • Re: XP SP2, NAT-T & L2TP/IPSEC.
    ... "With the IPSec NAT-T support in the Microsoft L2TP/IPSec VPN client, ... sessions can go through a NAT when the VPN server also supports IPSec NAT-T. ... IPSec NAT-T is supported by Windows Server 2003. ... >> clients that are behind a nat. ...
    (microsoft.public.win2000.networking)
  • NAT Internet connectivity from VMWare virtual LAN with 2003/XP
    ... so I have this VMWare workstation virtual test network. ... subnets connected to virtual NICs in the server. ... server so the XP clients can talk to each other on the different segments. ... VMWare as "NAT, share host IP address" and let this be the ...
    (microsoft.public.windows.server.networking)
  • NAT and AD
    ... Clients are XP Pro SP1 &2. ... We ran out of public ip addresses so I added a NIC card & RRAS w/ NAT & ... clients to the domain, installing AD published printers, and all applications ... connections to the printers (on a AD server) and the server that has their ...
    (microsoft.public.win2000.active_directory)
  • NAT-T and L2TP
    ... clients connect OK in from internet to private address range on ... W2003 server. ... release 6.3running NAT and which is meant to fully ...
    (microsoft.public.win2000.ras_routing)