Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN through firewal NAT

Status
Not open for further replies.
eagriffin

eagriffin

IS-IT--Management
Mar 29, 2002
16
US
I am running I vpn server (Windows 2000) inside I netscreen firewall. The external address for the windows box is set up to a nat address on the firewall, we are using pptp and it is working fine. I am wondering if I switch this over to l2tp with ipsec is the nat going to cause problems with the AH protocol? Is there a way around this problem?
Thanks
 
Sort by date Sort by votes
Did you ever get the L2tp/IPSEC working through the netscreen? I am in the process of setting up what you already have. What do I have to open up on the Netscreen box for clients to get through to the MS VPN server. You can reach me at RSobin@ptfs.com

Thanks,
Rich
 
Upvote 0 Downvote
We are not yet using l2tp with ipsec. We are using PPTP with MPPE encryption. In order to support this you will need to do the following.

Install Routing and Remote Access on the Windows Server.
You will read that you need 2 network cards to do this, however you can use a nat address on the netscreen firewall. When you install Routing and Remote Access install it with the default configuration, do not select vpn server or you will have a lot of nic problems. Click start, programs, administrative tools, and click Routing and Remote Access. Right click the server name and select Configure and Enable Routing and Remote Access, select next, then select Manually configure Server. From there you will need to manually configure your ports, (pptp, l2tp, or modem ports), and configure your remote access policies and encryption requirements.

Configure the Firewall to NAT the traffic and to allow the traffic.

Click on Network in the Netscreen Firewall, then Interfaces. Click Edit, for the untrusted Interface. Select MIP on the top left of the screen and create a new NAT address for the RAS Server.

Create a new Policy by selecting, Policies, then from Untrust to Trust permit PPTP or L2TP from the new external Nat address to internal address of your RAS Server.

Hope this is helpful. I'll send contact info offline.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
449
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
337
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
278
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
242
Joon Smith
Joon Smith
LearningNetworking
  • Locked
  • Question
Linking Hosts on the same subnet via VPN
Replies
0
Views
318
LearningNetworking
LearningNetworking

Part and Inventory Search

Sponsor

Back
Top