IPSec Passthrough on RRAS

  • Thread starter Thread starter Shane Walters
  • Start date Start date
S

Shane Walters

Does RRAS support IPSec passthrough?

I can establish a VPN connection, but then I can't connect
to "private network 2" (see below), unless I skip the
windows 2000 NAT. (I'm using RRAS for NAT).

Here's an abbreviated snapshot of the network model:

Private Network 1 ----> Windows 2000 NAT ----> Router ----> Internet
----> Cisco PIX ----> Private Network 2
 
L2tp/IPSec is normally killed by NAT. IPSec rejects any packet which
has been modified, but NAT must modify a packet to work.

For IPSec to work through NAT, you must use the new NAT-T (NAT
traversal) system. See KB 818043 for a brief description. There is a
detailed discussion in a recent Cable Guy column at Technet.
 
Back
Top