Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
802
Views
0
Helpful
2
Replies

L2TP/IPSec through NAT or NAT-T configuration

ogvalverde
Level 1
Level 1

‎02-11-2003 03:58 AM - edited ‎03-09-2019 02:02 AM

Does anybody knows how to configure W2K clients to work through a NAT device? I have them working with public IPs, but I cannot make them work with a private IP (only one client per NAT device)

I have already activated NAT-T, but I get one of this messages (depending on the client IPSec policy):

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr 111.111.111.1

Received ID: Type 1, Proto 0, Port 0, Addr 111.111.111.1

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr 111.111.111.1

Received ID: Type 1, Proto 17, Port 1701, Addr 172.16.0.5

VPN 3000 version is 3.6.3.

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

wei.hu
Level 1
Level 1

‎02-11-2003 04:53 PM

Refer to Microsoft Technet article:

"Basic L2TP/IPSec Troubleshooting in Windows XP"

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B314831

Microsoft VPN Client currently doesn't provide the similiar feature like cisco's "transparent tunnel" to support IPSec VPN with NAT.

Regards,

Wei

0 Helpful

ogvalverde
Level 1
Level 1
In response to wei.hu

‎02-12-2003 02:04 AM

Hi Wei,

I had already read that article, but other MS articles and Cisco Support pages say it is possible to do it.

I've just opened a case at Microsoft to see what happens with this.

I'll reply with the final answer.

Thanks a lot.

Best Regards. Oscar

0 Helpful
Customers Also Viewed These Support Documents