NAT-T, the -T for Transversal
Did some reading into this a while back... so it's all a bit vague in my memory at the moment.
Do a search on Google.... NAT-T NAT-T ipfilter
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B818043
Depending on how old your MS VPN client software is, you may need to get the latest client that supports the NAT-T protocol.
<snip>
NAT-T and Firewall Rules
Because the new NAT-T code is designed around the IETF RFC 3193 and draft-02 of the IETF NAT-T specification, for these services to run through a firewall, you may have to open the following ports and protocols in the firewall rules:
o L2TP - User Datagram Protocol (UDP) 500, UDP 1701
o NAT-T - UDP 4500
o ESP - Internet Protocol (IP) protocol 50
<snip>
Most modern NAT appliances can handle this, or there are firmware updates for them to allow this to work.
I tried to get PPTP to work a few months back on ip-filter, but was never able to figure out the correct rules to allow the GRE protocol.... probably something stupid I was doing!
The protocol does not need the NAT to do anything special, just pass the packets (at least that's my belief).
It's up to the client / server software at either end to sort out the IPSEC related stuff...
I would be keen to hear from anyone that has a rule set that this works on, either PPTP or L2TP (or both!)
(And see working NAT & IPF rule sets)
Grant
Please don't flame me for the MS reference!
As far as I know L2TP does not work with NAT...
greets andy
On Thu, December 9, 2004 16:16, Müller Petr said:
Hi, I've used IPFilter on FreeBSD 4.x as firewall and NAT. I have an MS Windows Server as VPN server (L2TP) behind the firewall. I need to connect to this Windows server via VPN and the L2TP protocol through the firewall. How do I configure IPFilter to tunnel the L2TP protocol? Can you help me?
Many Thanks Petr
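
The port and protocol list quoted from the KB article above, written out as ipf.conf filter rules. This is an added example, not a rule set posted by anyone in this thread; the interface name fxp0 and the server address 192.0.2.10 are placeholders, and any redirection in ipnat.conf is assumed to be configured separately.

```conf
# ipf.conf fragment (added example; fxp0 and 192.0.2.10 are placeholders).
# 192.0.2.10 stands for the VPN server's address as the filter sees it.
# IPFilter applies inbound NAT before filtering, so with an rdr rule in
# ipnat.conf this is the server's internal address.

# IKE negotiation (UDP 500 in the KB list)
pass in quick on fxp0 proto udp from any to 192.0.2.10 port = 500 keep state

# NAT-T: IPsec encapsulated in UDP (UDP 4500 in the KB list)
pass in quick on fxp0 proto udp from any to 192.0.2.10 port = 4500 keep state

# L2TP (UDP 1701 in the KB list)
pass in quick on fxp0 proto udp from any to 192.0.2.10 port = 1701 keep state

# ESP is IP protocol 50 and has no port numbers, so it is matched by
# protocol number only and allowed explicitly in both directions.
pass in  quick on fxp0 proto 50 from any to 192.0.2.10
pass out quick on fxp0 proto 50 from 192.0.2.10 to any
```

Each rule is limited to the single VPN server address rather than "any", so the openings from the KB list do not expose other hosts behind the firewall.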
