You need to use NG with AI R55 with at least HFA_10 or later for this to work.
This used to work in CP 4.1 with "hide" NAT for a single connection, but CP stopped supporting it in NG, then changed their mind with NG with AI R55. Therefore, you need to run at least HFA_10 or higher for this to work.

"Previtera, Sal" <[EMAIL PROTECTED]> wrote:

More info can be found on the MS site at http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp

" A second common problem that prevents a successful IPSec session is the use of a Network Address Translator (NAT). Many small networks use a router with NAT functionality as a way to share a single Internet address among all of the computers on the network. The original version of IPSec will drop a connection that goes through a NAT because it interprets the NAT's address mapping as packet tampering. Home networks often use a NAT, blocking the use of L2TP/IPSec unless the client and VPN gateway both support the emerging NAT traversal standard for IPSec. See the discussion of NAT traversal below.

If the connection fails after you are asked for user name and password, the IPSec session has been established, it is likely that there is something wrong with your user name and password. There could also be other server settings that are preventing a successful L2TP connection. Send the PPP log to your network administrator.

NAT Traversal

Microsoft L2TP/IPSec VPN Client includes support for a new feature that will allow IPSec sessions to traverse a NAT. This new feature is not supported by a Windows 2000-based VPN server, but will be used whenever the client connects to a VPN server that supports the NAT-Traversal extensions of IPSec (described in the Internet drafts titled "UDP Encapsulation of IPSec Packets" [draft-ietf-ipsec-udp-encaps-02.txt] and "Negotiation of NAT-Traversal in the IKE" [draft-ietf-ipsec-nat-t-ike-02.txt]). Microsoft plans to support these IPSec extensions in the Windows Server 2003 family.
Other vendors are working to support these IPSec extensions and have compatible VPN servers in development. Check with your administrator or VPN gateway vendor to see if this capability is supported. "

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Jason Cameron
Sent: Monday, February 28, 2005 9:37 AM
To: [email protected]
Subject: [FW-1] Ms Vpn Connection to Server

Hi All

I am trying to establish a connection to server through my firewall to a client on the Internet. I use the Microsoft New Connection Wizard to create a virtual private connection to my client's VPN server. I have allowed the services "gre" and "pptp_tcp" out.

When I create a static one-to-one NAT for my internal IP to an external routable Internet address, it works. However, when I use hide NAT and hide my internal IP behind the firewall's external Internet IP, it fails every time on "verifying username and password".

Has anybody attempted this and got it working, and if not, please explain why it does not work with "Hide NAT".

Thanks in advance

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
