Re: L2TP/IPSec through NAT or NAT-T configuration

ogvalverde · ‎02-11-2003

Does anybody knows how to configure W2K clients to work through a NAT device? I have them working with public IPs, but I cannot make them work with a private IP (only one client per NAT device)

I have already activated NAT-T, but I get one of this messages (depending on the client IPSec policy):

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr 111.111.111.1

Received ID: Type 1, Proto 0, Port 0, Addr 111.111.111.1

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr 111.111.111.1

Received ID: Type 1, Proto 17, Port 1701, Addr 172.16.0.5

VPN 3000 version is 3.6.3.

Thanks in advance.

wei.hu · ‎02-11-2003

Refer to Microsoft Technet article:

"Basic L2TP/IPSec Troubleshooting in Windows XP"

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B314831

Microsoft VPN Client currently doesn't provide the similiar feature like cisco's "transparent tunnel" to support IPSec VPN with NAT.

Regards,

Wei

ogvalverde · ‎02-12-2003

Hi Wei,

I had already read that article, but other MS articles and Cisco Support pages say it is possible to do it.

I've just opened a case at Microsoft to see what happens with this.

I'll reply with the final answer.

Thanks a lot.

Best Regards. Oscar