IPSec Passthrough on RRAS


Shane Walters

Does RRAS support IPSec passthrough?

I can establish a VPN connection, but then I can't connect
to "private network 2" (see below), unless I skip the
windows 2000 NAT. (I'm using RRAS for NAT).

Here's an abbreviated snapshot of the network model:

Private Network 1 ----> Windows 2000 NAT ----> Router ----> Internet
----> Cisco PIX ----> Private Network 2

Bill Grant

L2tp/IPSec is normally killed by NAT. IPSec rejects any packet which
has been modified, but NAT must modify a packet to work.

For IPSec to work through NAT, you must use the new NAT-T (NAT
traversal) system. See KB 818043 for a brief description. There is a
detailed discussion in a recent Cable Guy column at Technet.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question