Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

L2TP/IPSec through NAT or NAT-T configuration

Does anybody knows how to configure W2K clients to work through a NAT device? I have them working with public IPs, but I cannot make them work with a private IP (only one client per NAT device)

I have already activated NAT-T, but I get one of this messages (depending on the client IPSec policy):

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr 111.111.111.1

Received ID: Type 1, Proto 0, Port 0, Addr 111.111.111.1

Received invalid phase 2 L2TP/IPSec Responder ID payload

Expected ID: Type 1, Proto 17, Port 1701, Addr 111.111.111.1

Received ID: Type 1, Proto 17, Port 1701, Addr 172.16.0.5

VPN 3000 version is 3.6.3.

Thanks in advance.

  • Other Security Subjects
2 REPLIES
New Member

Re: L2TP/IPSec through NAT or NAT-T configuration

Refer to Microsoft Technet article:

"Basic L2TP/IPSec Troubleshooting in Windows XP"

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B314831

Microsoft VPN Client currently doesn't provide the similiar feature like cisco's "transparent tunnel" to support IPSec VPN with NAT.

Regards,

Wei

New Member

Re: L2TP/IPSec through NAT or NAT-T configuration

Hi Wei,

I had already read that article, but other MS articles and Cisco Support pages say it is possible to do it.

I've just opened a case at Microsoft to see what happens with this.

I'll reply with the final answer.

Thanks a lot.

Best Regards. Oscar

315
Views
0
Helpful
2
Replies
This widget could not be displayed.