Thanks

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Previtera, Sal
Sent: Monday, February 28, 2005 7:23 PM
To: [email protected]
Subject: Re: [FW-1] Ms Vpn Connection to Server

More info can be found on the MS site at

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp

"
A second common problem that prevents a successful IPSec session is the use of a Network Address Translator (NAT). Many small networks use a router with NAT functionality as a way to share a single Internet address among all of the computers on the network. The original version of IPSec will drop a connection that goes through a NAT because it interprets the NAT's address mapping as packet tampering. Home networks often use a NAT, blocking the use of L2TP/IPSec unless the client and VPN gateway both support the emerging NAT traversal standard for IPSec. See the discussion of NAT traversal below.

If the connection fails after you are asked for user name and password, the IPSec session has been established, it is likely that there is something wrong with your user name and password. There could also be other server settings that are preventing a successful L2TP connection. Send the PPP log to your network administrator.

NAT Traversal
Microsoft L2TP/IPSec VPN Client includes support for a new feature that will allow IPSec sessions to traverse a NAT. This new feature is not supported by a Windows 2000-based VPN server, but will be used whenever the client connects to a VPN server that supports the NAT-Traversal extensions of IPSec (described in the Internet drafts titled "UDP Encapsulation of IPSec Packets" [draft-ietf-ipsec-udp-encaps-02.txt] and "Negotiation of NAT-Traversal in the IKE" [draft-ietf-ipsec-nat-t-ike-02.txt]). Microsoft plans to support these IPSec extensions in the Windows Server 2003 family. Other vendors are working to support these IPSec extensions and have compatible VPN servers in development. Check with your administrator or VPN gateway vendor to see if this capability is supported.
"



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Jason Cameron
Sent: Monday, February 28, 2005 9:37 AM
To: [email protected]
Subject: [FW-1] Ms Vpn Connection to Server

Hi All

I am trying to establish a connection to server through my firewall to a client on the Internet. I use the Microsoft New Connection Wizard to create a virtual private connection to my client's VPN server.

I have allowed the service "gre" and "pptp_tcp" out. When I create a static one-to-one NAT for my internal IP to an external routable Internet address it works. However, when I use hide NAT and hide my internal IP behind the firewall's external Internet IP it fails every time on "verifying username and password".

Has anybody attempted this and got it working, and if not please explain why it does not work with "Hide NAT"?

Thanks in advance




=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
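
Added example (not part of the original thread or of the Microsoft bulletin): a simplified model of why, as the quoted bulletin puts it, original IPSec interprets a NAT's address mapping as packet tampering. It assumes the AH integrity check is HMAC-SHA1-96 over the IPv4 header with the mutable fields zeroed plus the payload; the key, addresses and payload are constructed, and the AH header itself is left out of the hash for brevity.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-sa-key"            # constructed shared key for the sample SA
PAYLOAD = b"constructed L2TP payload"  # constructed upper-layer data

def ipv4_header(src, dst, payload_len, ttl=64):
    """20-byte IPv4 header, no options; protocol 51 = AH. Checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def immutable_view(header):
    """Zero the fields AH treats as mutable in transit before hashing."""
    h = bytearray(header)
    h[1] = 0                 # TOS / DSCP
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def icv(key, header, payload):
    """Simplified AH integrity check value: HMAC-SHA1 truncated to 96 bits."""
    data = immutable_view(header) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def route_only(header):
    """A plain router hop: only the TTL changes."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def hide_nat(header, public_ip):
    """A NAT hop: TTL changes and the source address is rewritten."""
    h = bytearray(route_only(header))
    h[12:16] = socket.inet_aton(public_ip)
    return bytes(h)

def receiver_accepts(key, header, payload, received_icv):
    """Recompute the ICV over what arrived and compare in constant time."""
    return hmac.compare_digest(icv(key, header, payload), received_icv)

def demo():
    sent = ipv4_header("10.1.1.20", "203.0.113.10", len(PAYLOAD))
    tag = icv(KEY, sent, PAYLOAD)
    routed = receiver_accepts(KEY, route_only(sent), PAYLOAD, tag)
    natted = receiver_accepts(KEY, hide_nat(sent, "198.51.100.1"), PAYLOAD, tag)
    return routed, natted    # (True, False)
```

The routed packet verifies because TTL is excluded from the hash, while the NAT-rewritten source address is covered by it, so the receiver's recomputed value no longer matches.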
