VPN NAT to NAT 1

Status
Not open for further replies.
Jan 30, 2002
I have a SonicWall on my network running NAT with VPN setup. I have the VPN client running on a Win2K PC. I can connect to the network just fine with the VPN client through a normal dial-up connection.

When I try to connect from behind another network running NAT, I can ping IP addresses but cannot browse network shares or resources. Any idea why?

Thanks in advance,
Don
 
I have been struggling with the same problem and was frustrated by the lack of information on the web about this issue.

Everything worked fine dial-up.

But working through a NAT Gateway from home (D-Link 704) through my DSL connection, I could only ping machines inside work, but not browse or map drives or even run Outlook.

Another thread on this forum suggested that the MTU would have to be adjusted due to the improper fragmentation of large packets that the home NAT gateways do to VPN packets.

Sure enough... if I pinged with specified sizes of packets and no fragmentation ("ping -f -l 1362 machine-name"), I found that any packets above 1362 failed and those below worked fine. I adjusted my MTU via the Registry to 1362 and now I can run Outlook through the home gateway to work over the VPN software!

I still cannot browse or map drives... so I'm still looking for the solution for that problem... but having Outlook running is great progress for me.
 
It was a simple mistake on my part. I had to enable IPSec pass through on my Linksys router and also had to add the same rule on the SonicWall. Nowhere in the SonicWall setup does it say you need to do this. After a lot of troubleshooting I figured it out.
 
Hmm, you should try enabling DMZ for the computer running the VPN client. This gave me some hope but it still does not work 100%. Please reply if this works for anybody else. I searched the internet for a very long time on this issue but this was the only thing I came up with, so again please reply if this worked for you and include what you did to make it work. Thanks

Razvan Scutaru
 
As FREEBIRD72 found out, you cannot NAT VPN packets; you have to enable IPSec passthrough or, on a Cisco product, create an access list that prevents the NATing of the VPN packet.
 
Our best results are found from a router-to-router SonicWall solution. We tinkered with the client for months and are still using it in a dial-up situation, but for our broadband solutions, we have moved to a SonicWall Tele3 solution on the remote side. This solved all of our NetBIOS needs to browse the network.

Also make sure that you have enabled NetBIOS to be passed through the SonicWall from LAN to WAN under Access Services.

 
I am trying to get the D-Link wireless to work with the Nortel client; if anyone has suggestions please let me know. But for the reply stating that NAT does not work: it did not work with Nortel clients 3.7 and lower, but with versions 4.15 and higher it does work. We are currently using 4.6 and we force users that are behind routers to use NAT instead of IPSec passthrough, and for the Linksys you have to disable the IPSec passthrough to be able to connect.
 