
NAT and VPN passthrough


Speng

Jul 6, 2003
I've set up a 2003 server to be my firewall/router Using NAT routing. Everything works fine, but I can't seem to find anything to allow VPN passthrough (upnp, ipsec, pptp). Is there a way to allow these passthroughs?
 
A little more explanation plz... Do you have ISA Server as your firewall, or is your router a firewall? First thing you'll need to do is allow the appropriate ports to be forwarded to your VPN server machine on your router. You'll need the GRE protocol and 1024 or PPTP. If you're using ISA, create an allow policy for the ports...

Thanks, PAUL

 
My Win 2k3 server is everything. Internet>Win2k3>Other computers...
 
Under Local Area Connection, in the Advanced tab, click the Settings box for the firewall... here you will need to allow the ports for the type of VPN and the GRE protocol... I do imagine u set up RAS already for a VPN server, right?

Thanks, PAUL

 
Actually, let me clarify.

No one will be accessing my site through VPN. I am trying to access others' VPNs through the Win2K3 server. I have NAT and DHCP installed. Everything works except accessing a client's VPN through Win2k3.

(client VPN)>(my win2k3 server)>(my computer)

The Win2k3 machine is not letting my computer and the client VPN communicate properly.
 
I have the exact same problem with Windows 2000 Advanced Server being the router, NAT, DNS, etc. In the past, Microsoft didn't support IPSEC over NAT. With the latest updates, it is supposed to support that. The key is to open those ports.

Paul, how do you set up 'GRE protocol and 1024 or pptp' and how do you set up 'RAS for a vpn server'?

Thank you.
 
Same thing then... you will need to configure it so that it allows for the GRE protocol of (port 47), and open UDP port 500 for IPsec. Open TCP port 1723 in case you are using PPTP. For L2TP, it is 1701. You will need to configure this under your firewall settings... allow these ports to be passed through... so that your users can connect. If you have more questions or you are confused, ask.



Thanks, PAUL
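
Added example, not part of the thread or any poster's code: a Python sketch that reads the IPv4 header of constructed sample packets and sorts the VPN traffic discussed above into what carries a TCP/UDP port a NAT can forward and what is a bare IP protocol (GRE is IP protocol 47; ESP and AH are IP protocols 50 and 51). UDP 4500 (IPsec NAT-T) is not mentioned in the thread and is included as a known standard port; the addresses and the names `build_ipv4` and `classify` are made up for the example.

```python
import struct

# IP protocol numbers: a field in the IPv4 header, not TCP/UDP ports.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51

# (protocol, destination port) pairs that a port-forward rule can match.
PORT_BASED = {
    (TCP, 1723): "PPTP control",
    (UDP, 500): "IKE (IPsec key exchange)",
    (UDP, 4500): "IPsec NAT-T (ESP wrapped in UDP)",
    (UDP, 1701): "L2TP",
}
# Protocols with no port field at all: the NAT must pass them specially.
PORTLESS = {
    GRE: "PPTP data (GRE)",
    ESP: "IPsec ESP",
    AH: "IPsec AH",
}

def build_ipv4(proto, dport=0):
    """Constructed sample packet: 20-byte IPv4 header plus 8 payload bytes."""
    if proto in (TCP, UDP):
        payload = struct.pack("!HH", 40000, dport) + b"\x00" * 4
    else:
        payload = b"\x00" * 8
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 168, 0, 10]), bytes([203, 0, 113, 5]))
    return header + payload

def classify(packet):
    """Return (label, has_port) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IPv4 protocol field
    if proto in PORTLESS:
        return PORTLESS[proto], False
    if proto in (TCP, UDP):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        return PORT_BASED.get((proto, dport), "other TCP/UDP"), True
    return "other IP protocol %d" % proto, False

if __name__ == "__main__":
    for pkt in (build_ipv4(TCP, 1723), build_ipv4(GRE), build_ipv4(UDP, 500),
                build_ipv4(ESP), build_ipv4(AH), build_ipv4(UDP, 4500)):
        print("%-34s port-forwardable: %s" % classify(pkt))
```

A TCP or UDP port scan of 47, 50 or 51 says nothing about GRE, ESP or AH, because those packets carry no port number; the NAT device has to pass the protocol itself or the VPN has to use UDP encapsulation.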

 
oh sry about the 1024..i was thinking of something else...replace 1024 with 1723..that is the correct port for l2tp

Thanks, PAUL

 
Paul,

Thanks for your reply. How do you open those ports? I don't have firewall...

Thanks again.
 
If you don't have a firewall and you're not behind a router... and you're directly connected to the internet with your server, then there is no need to open/forward ports... just install RAS on your server and follow the wizard. Remember to grant your users dial-in permissions on the property tab, or if you configured your RAS server to look at its policy, to allow them to connect through the policy.

Thanks, PAUL

 
My server is a router running NAT. I am connecting to other VPN server through my NATted environment.

Thanks again.
 
What's the problem you're having? U just can't connect with one of your clients behind your NAT? What are u connecting to? Is it a server VPN? What OS is it running?

Thanks, PAUL

 
I have a Linksys router as my firewall. How do I forward GRE ports? I don't see that anywhere in the config pages.
 
Just use port forwarding... port forward all of the ports mentioned above to the private IP address of the server.

Thanks, PAUL

 
Paul,

My problem is that any client behind the NAT is not able to connect to a VPN server across the internet. If I bypass the NAT, it is working fine. I got an 'IPSEC communication error...' I did a port scan on the NAT server. Ports 50, 51, 500, etc. are all closed. So I need to know how to open up those ports...

Thanks.
 
Quit hijacking my post!!! :) <joking>

The issue I have is the Win2K3 server isn't passing those ports. I have no hardware firewall, my Win2K3 server is my connection to the internet. There is on domain. I set up the server as a simple firewall (for my other puters), NAT, DHCP. If you are talking about a software firewall in Win2K3, I don't think I have one installed, but knowing MS, they probably auto-install something. Any clues as to how to check and if it is installed, and how to open the ports if it is installed, would be appreciated.
 
OK, for Speng... and for Mickey: I need to know the OS of the client you are connecting from. If it is a 9X machine or NT, download and install this client software.


If that doesn't fix your problem, or you have Windows 2000 or XP, then do the following:

Microsoft Server 2003 does support L2TP w/ IPsec behind NAT... so in order to isolate the problem, try connecting to the VPN server with the Server 2003 machine as the client. If it works, then update the OS that you are using with the Windows Update feature.

Also, Speng, u said that u installed a firewall? What kind? And where? If it's the built-in firewall then you will need to allow these ports to pass through... let me know what kind of firewall...


Thanks, PAUL
 
I didn't install any firewall. The server is meant to shield my home network from the internet, but no software was purposely installed. Whether or not MS installs anything automatically, I'm not sure.
 
OK, no firewall... did u do what I mentioned in the previous post?

Thanks, PAUL

 
Sorry, replied too fast....I am using Win XP on all clients that I've tried to access VPN. I'm currently reinstalling my Win2K3 server (40 beeeeellion changes that didn't help), so I can't test the VPN client on the server right now.

I always update from windowsupdate every time I install a new system and set the auto download feature, so that shouldn't be the issue.
 