Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Win-Client L2TP/IPSEC-VPN through NAT -> IOS-Router


I'm trying to configure the following for quite some time now but i cannot get it running.

What i'm trying to do is

- having a W2K / W-XP-Client in a local network with private IP (RFC1918)

- having a DSL-router for the connection to the internet

- having a 1761 as VPN endpoint at the office

If i configure the W2K to connect directly to internet (via PPPoE dial-up connection) and building a L2TP/IPSec-Tunnel 'ontop' everything works fine and i can connect to every machine located at the office.

What i'm not able to is to get this running with a router (Netgear RP114 in this case) in between - means the PPPoE connect to internet is handled on the router. As far as i understood it up to know the issue goes to NAT-T. Is there some sample solution for this (if it's possible at all)?

The router is configured to forward (for the ease of use) every packet from outside to the W2K-machine inside. So 500/udp and 4500/udp should come through...

I'm trying to avoid the use of the Cisco-VPN-Client if possible - managemt wants to be as 'microsoft native' as possible...

BR and TIA



Re: Win-Client L2TP/IPSEC-VPN through NAT -> IOS-Router


Only difference could be the DSL router performing PAT/NAT, as opposed to you connecting your PC directly to ISP(getting routable IP on it), and reason being L2TP over IPSec doesn't work with PAT device in between.

Options you have:

1 - Cisco VPN3000 client - use IPSec /UDP to connect to router (router would rquire 12.2.13T+ IOS)

2- You can use PPTP if your router supports PPTP-Passthru, which I think it doesn't .