Re: VPN client behind Windows 2003 NAT problem
- From: "Neteng" <neteng.ccie@xxxxxxxxx>
- Date: Mon, 31 Oct 2005 10:55:10 -0600
I don't think that MS supports NAT-T, which sounds like the issue.
"ChuckM" <ChuckM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8DC77670-CC90-48CD-8A90-E6EEBEB8BA32@xxxxxxxxxxxxxxxx
> Thanks Robert.
> I installed the tools and watched via IPSec Monitor. It really didn't tell
> me anything. The client and the remote machine connect and exchange packets,
> but as soon as the connection becomes secure, the replies from the remote
> server never make it to the client. The tools don't tell why they are being
> blocked.
>
> One thing that did occur to me, though is that the VPN client hides the LAN
> from the client, overriding settings with those of the remote network. I
> wonder if this is preventing the client from communicating with the 2003
> server NAT service.
>
> Like I said earlier, this worked with our Linksys router acting as the NAT
> firewall, but not windows 2003 server acting as the NAT firewall. I think we
> will just buy another hardware firewall and blow off the Microsoft solution.
>
> "Robert L [MS-MVP]" wrote:
>
> > Then you can use IP Security Monitor to troubleshoot it. More IPSec
> > troubleshooting tools can be found on this web page,
> >
> > IPSec Audit Policy: To troubleshoot IPSec when it does not behave the
> > way that you expect it to, first check the results of the Phase One and
> > Phase Two exchanges ...
> > www.chicagotech.net/ipsec.htm
> >
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > "ChuckM" <ChuckM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:EC4137FF-7BAB-4550-B80C-C036FA90E48E@xxxxxxxxxxxxxxxx
> > Thanks Robert,
> > I looked through the information at the site you recommended. However, I
> > didn't find anything that fixes this.
> >
> > Port 500 is open on the WAN side in the NAT properties panel. I tried both
> > localhost(default) and the internal client IP addresses with no luck.
> >
> >
> > "Robert L [MS-MVP]" wrote:
> >
> > > If this is IPSec VPN, you may need to open the port UDP 500. These
> > > web pages may help,
> > >
> > > IPSec The ports need to open for IPSec The IPSec Policy storage
> > > container could not be opened Time out when using ping command
> > > Troubleshooting IPSec ...
> > > www.chicagotech.net/ipsec.htm
> > >
> > > NAT and Firewall In the Select Routing Protocol dialog box,
> > > click NAT/Firewall, and then click OK. How to enable NAT name resolution
> > > Open Routing and Remote Access>server ...
> > > www.chicagotech.net/nat.htm
> > >
> > >
> > >
> > > Bob Lin, MS-MVP, MCSE & CNE
> > > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > > "ChuckM" <ChuckM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:C44329EA-DCF1-49F7-A272-8320D024BAAA@xxxxxxxxxxxxxxxx
> > > Hi all,
> > > I have a third party VPN client on an XP workstation on a private LAN. The
> > > Win 2003 server is the router/nat. The NAT service must be corrupting or
> > > blocking the IPSEC packets because the handshaking is successful up to the
> > > moment that the VPN is established and then times out waiting on the remote
> > > server. If I connect the workstation directly to the internet, it works.
> > >
> > > I've tried a number of different settings in RRAS to make this work.
> > >
> > > Any ideas?
> > > Chuck