Win Serv 2003 L2TP/IPSec issue


Zachary Elias

Currently, I have configured a Windows Server 2003
Enterprise edition PC as a gateway to the internet using

Current setup is:

Internet (NIC1) ---> Server --> NATed LAN (NIC2)

This is the basic NAT / Routing setup with NO firewall or
packet filtering of any sort.

Clients on the NATed LAN are unable to connect to their
corporate network using L2TP/IPSec on the Internet. I
know that the server is causing the trouble, because
removing it and replacing it with an interim Router (with
VPN Passthrough capabilities) allows clients to connect.

I was under the impression that with NO firewall and NO
packet filtering, there would be no need to "open" any
ports. As a newbie to the Win2k3 server arena, I'd
appreciate any guidance into getting this to work.

IP ports 50/51 need to be open
UDP ports 500/4500/1701 as well



My server has 2 network cards, one directly connected to
the Modem for internet access, the other connected to a
switch for the LAN computers that need access to the

When you "Manage your Server" (in Administrative Tools),
there's an option to install the RAS Role. Following the
wizard that follows, it's pretty easy to create a Routed
NAT/Firewall. Since you're connected to the internet
using USB, I'd wager that you'll want to set that
Interface as the Internet, and your network card as the
LAN. I couldn't say for sure, since I've never used a USB
network interface.

You will need to shut down ICS before you can begin.

VPN access allows you (or others) to connect to your
network and access all your LAN computers from the
Internet as though you were actually at your office/home.


** If anyone has the answer to my previous question about
L2TP/IPSec, I'd very much appreciate it **
-----Original Message-----

I was wondering how you were able to configure your 2003
as your gateway to the internet using RRAS.
My setup is this. (Home Networking)

I've got a Broadband connection in which I enabled
Internet connection sharing on the windows 2003 server but
I don't want to use ICS again; instead I want to configure
Other PCs in the network are WinXP, 2000Pro and Windows 2000 server.

I've got 1 NIC on the Windows 2003, and the modem that
dials the Broadband connection is a USB ADSL Modem.
No router or firewall exist on the network, just the 2003
server that is connected to the USB ADSL modem which dials
to the Internet and has got ICS enabled for other Network
PCs in the network.
Will I need a second NIC card or will just 1 do for the configuration? Thanks

And also, VPN/Remote access Dial-in, what does it
do? Does it only give you access to dial-in to a server
setup for Remote Dial-in to that server and be able to have
access to shared Folders and files?

Bill Grant

L2TP with IPSec doesn't work through a NAT connection unless you have
the NAT traversal options. A standard NAT setup is not compatible with
IPSec. IPSec detects any change in a packet during transit and rejects it.
But NAT has to change the packet!
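The conflict Bill describes, shown as an added illustration that is not code from this thread: a toy AH-style integrity check covers the IP addresses, so the NAT's source-address rewrite fails verification at the far end, while NAT-T carries ESP inside UDP port 4500 and authenticates only the ESP header and payload, leaving the outer header free for NAT to translate. All keys, addresses and helper names are constructed for the demo.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-sa-key"   # placeholder, not a real SA key
PRIVATE_CLIENT = "192.168.1.10"    # constructed LAN address behind the Win2k3 NAT
NAT_PUBLIC = "203.0.113.5"         # constructed public address of the NAT box
CORP_GATEWAY = "198.51.100.1"      # constructed corporate VPN gateway

def icv(data: bytes) -> bytes:
    """Truncated HMAC standing in for an IPsec integrity check value."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def ah_packet(src: str, dst: str, payload: bytes) -> dict:
    # AH (IP protocol 51) authenticates the IP addresses together with the payload.
    covered = socket.inet_aton(src) + socket.inet_aton(dst) + payload
    return {"src": src, "dst": dst, "proto": 51, "payload": payload, "icv": icv(covered)}

def verify_ah(pkt: dict) -> bool:
    covered = socket.inet_aton(pkt["src"]) + socket.inet_aton(pkt["dst"]) + pkt["payload"]
    return hmac.compare_digest(pkt["icv"], icv(covered))

def esp_udp_packet(src: str, dst: str, spi: int, seq: int, payload: bytes) -> dict:
    # NAT-T: ESP inside UDP/4500. The ICV covers only the ESP header and payload,
    # and the UDP header gives the NAT a port it can translate and track.
    covered = struct.pack("!II", spi, seq) + payload
    return {"src": src, "dst": dst, "proto": 17, "udp_dport": 4500,
            "spi": spi, "seq": seq, "payload": payload, "icv": icv(covered)}

def verify_esp_udp(pkt: dict) -> bool:
    covered = struct.pack("!II", pkt["spi"], pkt["seq"]) + pkt["payload"]
    return hmac.compare_digest(pkt["icv"], icv(covered))

def nat_rewrite(pkt: dict) -> dict:
    # Source NAT rewrites the private address. The NAT box does not hold the SA
    # key, so it cannot recompute an ICV that covered the original address.
    return {**pkt, "src": NAT_PUBLIC}

def demo() -> tuple:
    data = b"L2TP control message (constructed)"
    ah = ah_packet(PRIVATE_CLIENT, CORP_GATEWAY, data)
    esp = esp_udp_packet(PRIVATE_CLIENT, CORP_GATEWAY, spi=0x1000, seq=1, payload=data)
    # (AH delivered untouched, AH after NAT, NAT-T ESP after NAT)
    return verify_ah(ah), verify_ah(nat_rewrite(ah)), verify_esp_udp(nat_rewrite(esp))

if __name__ == "__main__":
    print(demo())  # (True, False, True)
```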
