MS VPN server behind a NAT device

Status
Not open for further replies.

Starlord006

IS-IT--Management
Sep 30, 2003
2
CA
I'm actually running a Win2k3 Server with FTP, Mail, Web, and file server on it. I've set up the RAS services to be used with VPN on only 1 adapter. NAT ports redirected to the server: TCP-1723, UDP-1701, UDP-500

The client station is a Windows XP native VPN client, with the patch for NAT-T installed.
Patch--->
tests:

1.- Connection from the internal side of the NAT with PPTP, L2TP/IPSec works fine.

2.- Connection from outside the NAT with PPTP establishes the PPTP connection but gets stuck at Verify Username and Password until I get an Error 721 "the remote computer did not respond"

3.- Connection from outside the NAT with L2TP/IPSec, first without certificate, and always getting "need certificate"; once I've put all the certificates correctly in place, I'm not able to establish a connection at all until I get an Error 792 "Failed because security negotiation timed out"

Starlord006
 
You will also need to forward the GRE protocol to the VPN server. GRE is protocol 47; note this is a protocol number, not a port number.

 
You may want to find out if your NAT device supports VPN passthrough. I'm running a Netgear MR314 and use PAT, and I have no problems with the Microsoft built-in VPN functionality.

Another thing....how are you going from outside the network to inside the network? I know that AOL doesn't allow VPN traffic (they block it, for whatever reason), and if you're behind a CISCO firewall and trying to get back into your network, unless those ports are allowed to pass, you'll time out.

At my company, I can't get into my network (at home), but if I dial up to the mom n' pop ISP, I can get in. Behind our firewall (Cisco PIX), I can't. Hope that helps.

-pborkstrom
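
Added example, not part of the thread: a small model of a port-forwarding NAT run over constructed packets, showing that the forwards listed in the first post pass the PPTP control connection (TCP 1723) but not the GRE (IP protocol 47) data packets the reply refers to. The function names, addresses, and packet bytes are assumptions made for this illustration.

```python
import struct

# IANA IP protocol numbers: carried in the IPv4 header, separate from TCP/UDP ports.
TCP, UDP, GRE = 6, 17, 47

def ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (documentation addresses, checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([203, 0, 113, 10]),
                       bytes([198, 51, 100, 1])) + payload

def l4(dst_port):
    """First 4 bytes of a TCP or UDP header: source port, destination port."""
    return struct.pack("!HH", 40000, dst_port)

def classify(packet):
    """Return (ip_protocol, dst_port); dst_port is None if the protocol has no ports."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # IPv4 "Protocol" field
    if proto in (TCP, UDP):
        return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, None

def forwarded(packet, port_rules, proto_rules=frozenset()):
    """Hypothetical NAT model: forward on a (protocol, port) match or a whole-protocol rule."""
    proto, port = classify(packet)
    return proto in proto_rules or (proto, port) in port_rules

# Forwards listed in the first post: TCP-1723, UDP-1701, UDP-500.
POSTED_RULES = {(TCP, 1723), (UDP, 1701), (UDP, 500)}

# Constructed inbound packets for a PPTP session.
PPTP_CONTROL = ipv4(TCP, l4(1723) + bytes(16))
# Enhanced GRE header used by PPTP: flags/version 0x3001, protocol type 0x880B (PPP).
PPTP_DATA = ipv4(GRE, bytes.fromhex("3001880b") + bytes(8))

def pptp_report(port_rules, proto_rules=frozenset()):
    """Which halves of a PPTP session reach the server under the given rules."""
    return {"control tcp/1723": forwarded(PPTP_CONTROL, port_rules, proto_rules),
            "data gre/47": forwarded(PPTP_DATA, port_rules, proto_rules)}

if __name__ == "__main__":
    print("posted rules:", pptp_report(POSTED_RULES))
    print("plus GRE    :", pptp_report(POSTED_RULES, {GRE}))
```

A rule for TCP or UDP "port 47" never matches the GRE packet, because GRE has no port field to match against; the device has to pass IP protocol 47 itself.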
 