Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
0
Helpful
2
Replies

IPSec using NAT

eric.cote
Level 4
Level 4

‎07-29-2002 12:02 PM - edited ‎02-21-2020 11:57 AM

Is it possible to use L2TP with IPSec through a Pix firewall running NAT? The setup would be, a Microsoft operating system using the embedded IPSec client attempting to connect to a Microsoft 2k server running IPSec. I seem to be reading contrasting documentation on the web. The latest I have read this is not possible using NAT due to the encryption of the transport layer.

Labels:
0 Helpful
2 Replies 2

paqiu
Level 1
Level 1

‎07-29-2002 03:18 PM

Hi Eric,

You can not pass L2tp with IPSEC over PIX firewall doing PAT or NAT overloading.

You can pass PPTP or L2TP with IPSEC over static NAT or NAT Pool (not overloading, still one to one nat).

Best Regards,

0 Helpful

afakhan
Level 4
Level 4

‎07-29-2002 09:02 PM

Hi Eric,

L2TP over IPSec with Transport mode is not compatible with any kind of NATing, be it Static or Dynamic, Tunnel mode works fine with Static(1-to-1, or many-to-many NATing only.

One example of L2TP over IPSec using Transport mode is when you connect to VPN3K concentrator, I'm not sure about MS ISA server.

Thanks,

Afaq

0 Helpful
Customers Also Viewed These Support Documents