Re: VPN client behind Windows 2003 NAT problem
- From: ChuckM <ChuckM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 31 Oct 2005 08:10:17 -0800
Thanks Robert.
I installed the tools and watched via IPSec Monitor. It really didn't tell
me anything. The client and the remote machine connect and exchange packets,
but as soon as the connection becomes secure, the replies from the remote
server never make it to the client. The tools don't tell why they are being
blocked.
One thing that did occur to me, though, is that the VPN client hides the LAN
from the client, overriding settings with those of the remote network. I
wonder if this is preventing the client from communicating with the 2003
server NAT service.
Like I said earlier, this worked with our Linksys router acting as the NAT
firewall, but not Windows 2003 Server acting as the NAT firewall. I think we
will just buy another hardware firewall and blow off the Microsoft solution.
"Robert L [MS-MVP]" wrote:
> Then you can use IP Security Monitor to troubleshoot it. More IPSec troubleshooting tools can be found on this web page:
>
> IPSec Audit Policy: To troubleshoot IPSec when it does not behave the way that you expect it to, first check the results of the Phase One and Phase Two exchanges ...
> www.chicagotech.net/ipsec.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "ChuckM" <ChuckM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EC4137FF-7BAB-4550-B80C-C036FA90E48E@xxxxxxxxxxxxxxxx
> Thanks Robert,
> I looked through the information at the site you recommended. However, I
> didn't find anything that fixes this.
>
> Port 500 is open on the WAN side in the NAT properties panel. I tried both
> localhost (default) and the internal client IP addresses with no luck.
>
>
> "Robert L [MS-MVP]" wrote:
>
> > If this is IPSec VPN, you may need to open the port UDP 500. These web pages may help:
> >
> > IPSec The ports need to open for IPSec The IPSec Policy storage container could not be opened Time out when using ping command Troubleshooting IPSec ...
> > www.chicagotech.net/ipsec.htm
> >
> > NAT and Firewall In the Select Routing Protocol dialog box, click NAT/Firewall, and then click OK. How to enable NAT name resolution Open Routing and Remote Access>server ...
> > www.chicagotech.net/nat.htm
> >
> >
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > "ChuckM" <ChuckM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:C44329EA-DCF1-49F7-A272-8320D024BAAA@xxxxxxxxxxxxxxxx
> > Hi all,
> > I have a third party VPN client on an XP workstation on a private LAN. The
> > Win 2003 server is the router/NAT. The NAT service must be corrupting or
> > blocking the IPSEC packets because the handshaking is successful up to the
> > moment that the VPN is established and then times out waiting on the remote
> > server. If I connect the workstation directly to the internet, it works.
> >
> > I've tried a number of different settings in RRAS to make this work.
> >
> > Any ideas?
> > Chuck