Re: Windows 2003 Server NAT not allowing IPSEC to go through.


From: William Gault (anonymous_at_discussions.microsoft.com)
Date: 04/07/04


Date: Wed, 7 Apr 2004 10:16:08 -0700

If I'm using NAT without any packet filtering or firewalling, these ports should just be open and the packets should just pass through, should they not?
     
     ----- Sharoon Shetty K [MSFT] wrote: -----
     
     Also check if the UDP ports 1701, 4500 [NAT-T] are also opened.
     
     --
     
     Thanks
     Sharoon
     sharoons@online.microsoft.com
     
     This posting is provided "AS IS" with no warranties, and confers no rights.
     
     "William Gault" <billgault@hotmail.com> wrote in message
     news:3F9ACF04-0E91-4444-B89D-A5CB4CBBF2AE@microsoft.com...
     > Hopefully someone will have some insight into this problem...
     >
     > I'm at a site with a basic Windows 2003 Server Standard install which has
     > NAT running on it, with the statically assigned internet on one NIC, and the
     > network on the other NIC.
     >
     > All client systems can properly access the internet (web, ICQ, email, etc)
     > except for field engineers coming from another company, attempting to
     > connect to their server using IPSec.
     >
     > It's a basic install with no extras turned on, firewalls disabled on the
     > NIC and in NAT, no packet filtering on the NIC or in NAT...
     >
     > The clients are using Nortel Extranet that connects through IPSec (their
     > documentation asks that IP Port 50, UDP Port 500 and UDP Port 2001 be
     > opened). It's my understanding that NAT will correctly relay this
     > information without any issues?
     >
     > I connected one of the clients directly into our internet connection and
     > successfully connected to the end computer, so the problem is definitely
     > something on the server.
     >
     > Also, I was able to set this same configuration up through NAT last year
     > on a similar server running Windows 2000 Server (for the same clients)
     > without any issues using the same information.
     >
     > Any help or suggestions would be appreciated. Thanks in advance...
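An added example, not part of either poster's message: a small classifier for raw IPv4 packets, as captured on each side of the NAT server, that separates the traffic types named in this thread. It shows why ESP (IP protocol 50) differs from the UDP flows: it carries no port numbers, whereas NAT-T wraps it in UDP 4500 (RFC 3948 framing). The function names, label strings and sample packets are assumptions constructed for the illustration.

```python
import struct

# Ports named in the thread; the label strings are this example's own wording.
UDP_LABELS = {500: "IKE (UDP 500)", 1701: "L2TP (UDP 1701)", 2001: "UDP 2001"}

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by the IPsec-related traffic it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed IPv4 header"
    proto = packet[9]
    if proto == 50:                           # ESP: no ports for NAT to rewrite
        return "ESP (IP protocol 50)"
    if proto != 17:
        return "other"
    if len(packet) < ihl + 8:
        return "truncated UDP"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    payload = packet[ihl + 8:]
    if 4500 in (sport, dport):                # NAT-T framing per RFC 3948
        if payload == b"\xff":
            return "NAT-T keepalive"
        if len(payload) < 4:
            return "short UDP 4500 payload"
        if payload[:4] == b"\x00" * 4:        # non-ESP marker precedes IKE
            return "IKE over NAT-T (UDP 4500)"
        return "UDP-encapsulated ESP (UDP 4500)"
    for port in (dport, sport):
        if port in UDP_LABELS:
            return UDP_LABELS[port]
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, zero checksum)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, b"\xc0\xa8\x00\x0a", b"\xcb\x00\x71\x05") + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return ipv4(17, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)

# Constructed sample traffic, not taken from the thread.
SAMPLES = [udp(500, 500, b"\x11" * 28), ipv4(50, b"\x00\x00\x10\x01" + b"\x22" * 16),
           udp(4500, 4500, b"\xff"), udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28),
           udp(4500, 4500, b"\x00\x00\x10\x01" + b"\x22" * 16), udp(1701, 1701, b"\xc8\x02")]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

Comparing the labels seen on the internal and external interfaces shows which of these flows leave the server and which never appear on the far side.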
     
     
     


