VPN L2TP/IPSEC

Thread starter: Guest
Hi All,
I am having VPN woes :(
I have set up a test lab environment on my private IP segment. I have a VPN
server running with one NIC. I have used my current CA server for certs. Using
XP as the client. All works fine until I move my VPN server into my DMZ. Once
in the DMZ I have assigned the box a public IP. FTP works fine (from external
and internal), so I know routing is correct. I have opened ports for
LDAP, IAS, Cert, L2TP.
The problem is that I can see traffic (UDP 500, IKE) leaving my internal
int (client), then leaving the FW int, but no traffic is coming back! The logs
show (Security) nothing, and the XP client gives me very little as well.
I read an MS article, "Virtual Private Networking with Windows 2000:
Deploying Remote Access VPNs", where it states a server residing in the DMZ
will not support a NIC solution running L2TP.
So ... in goes another NIC, routing and filters amended, and nada.
Please can someone offer me some new routes to explore?!
Julian
 
Just throwing out some ideas and questions...
Do you have an ACL entry for UDP 500 on your firewall? It sounds like the
firewall is dropping the reply from the VPN server.
Another thought: do you by any chance have a NAT in place? Is the VPN server
behind that NAT?
Thanks
JC
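
An added example, not part of either post above, that turns JC's two questions (is the firewall passing the return traffic, and is there a NAT in the path) into something you can run against tcpdump-style capture lines taken on the inside and outside of the firewall. It counts the flows L2TP/IPsec needs (IKE on UDP 500, NAT-T on UDP 4500, ESP) in each direction, reports any that leave without a reply, flags bare L2TP (UDP 1701) outside ESP, and compares source addresses on both sides of the firewall to detect NAT. The client 10.1.1.20, the DMZ server 203.0.113.10, the NAT address 198.51.100.7 and the capture text are all constructed for the example; the function names are my own, not from any product.

```python
"""Added example (not code from this thread): check an L2TP/IPsec handshake
from tcpdump-style capture lines taken on each side of the firewall.
All addresses and capture lines below are constructed for the example."""
import re
from collections import Counter

# Flows the firewall must pass in BOTH directions for L2TP/IPsec.
# L2TP itself (UDP 1701) rides inside ESP, so it should not show up
# unencapsulated on the outside of the firewall.
REQUIRED = {
    "udp/500": "IKE (ISAKMP) negotiation",
    "udp/4500": "NAT-T, IKE and ESP wrapped in UDP when a NAT is in the path",
    "esp": "ESP (IP protocol 50), carries the L2TP tunnel",
}

# Matches the constructed tcpdump-like lines used below, for example:
#   10:00:00.100 IP 10.1.1.20.500 > 203.0.113.10.500: isakmp: phase 1 I ident
#   10:00:00.400 IP 10.1.1.20 > 203.0.113.10: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
_LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?: (?P<kind>\w+)"
)

def parse(capture):
    """Return (src, dst, flow) tuples; flow is 'udp/<dport>' or 'esp'."""
    pkts = []
    for line in capture.strip().splitlines():
        m = _LINE.match(line)
        if not m:
            continue                      # not an IP line, skip it
        if m.group("kind").upper() == "ESP":
            flow = "esp"
        elif m.group("dport"):
            flow = "udp/" + m.group("dport")
        else:
            continue                      # other protocols are not our concern
        pkts.append((m.group("src"), m.group("dst"), flow))
    return pkts

def diagnose(pkts, client, server):
    """Count each required flow client->server and server->client and
    describe what is missing, the check JC's reply suggests."""
    sent = Counter(f for s, d, f in pkts if s == client and d == server)
    back = Counter(f for s, d, f in pkts if s == server and d == client)
    findings = []
    for flow, meaning in REQUIRED.items():
        if sent[flow] and not back[flow]:
            findings.append(
                f"{flow} ({meaning}): {sent[flow]} sent, none returned; "
                "check the firewall's inbound rule and the server's return route")
    if sent["udp/1701"] or back["udp/1701"]:
        findings.append("udp/1701 seen in the clear: L2TP is not inside ESP, "
                        "so the IPsec SA never came up")
    return {"sent": dict(sent), "returned": dict(back), "findings": findings}

def nat_in_path(inside_pkts, outside_pkts, client, server):
    """True when the client's IKE packets carry a different source address
    on the outside of the firewall than on the inside: a NAT is rewriting
    them, so IKE has to use NAT-T (UDP 4500) and both ends must support it."""
    inside = {s for s, d, f in inside_pkts if f == "udp/500" and s == client and d == server}
    outside = {s for s, d, f in outside_pkts if f == "udp/500" and d == server}
    return bool(inside) and bool(outside) and not (inside & outside)

# Constructed captures: client 10.1.1.20, VPN server 203.0.113.10 in the DMZ,
# firewall NATs outbound traffic to 198.51.100.7.  Three IKE retries, no reply.
INSIDE_CAPTURE = """\
10:00:00.100 IP 10.1.1.20.500 > 203.0.113.10.500: isakmp: phase 1 I ident
10:00:01.100 IP 10.1.1.20.500 > 203.0.113.10.500: isakmp: phase 1 I ident
10:00:03.100 IP 10.1.1.20.500 > 203.0.113.10.500: isakmp: phase 1 I ident
"""
OUTSIDE_CAPTURE = INSIDE_CAPTURE.replace("10.1.1.20", "198.51.100.7")

# Constructed capture of a working handshake: IKE answered, ESP both ways.
HEALTHY_CAPTURE = """\
10:00:00.100 IP 10.1.1.20.500 > 203.0.113.10.500: isakmp: phase 1 I ident
10:00:00.120 IP 203.0.113.10.500 > 10.1.1.20.500: isakmp: phase 1 R ident
10:00:00.400 IP 10.1.1.20 > 203.0.113.10: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
10:00:00.420 IP 203.0.113.10 > 10.1.1.20: ESP(spi=0x1d2c3b4a,seq=0x1), length 132
"""

if __name__ == "__main__":
    outside = parse(OUTSIDE_CAPTURE)
    report = diagnose(outside, "198.51.100.7", "203.0.113.10")
    for line in report["findings"]:
        print(line)
    print("NAT in path:", nat_in_path(parse(INSIDE_CAPTURE), outside,
                                      "10.1.1.20", "203.0.113.10"))
    print("healthy findings:", diagnose(parse(HEALTHY_CAPTURE),
                                        "10.1.1.20", "203.0.113.10")["findings"])
```

On a real box the input would come from a capture such as `tcpdump -ni <iface> 'udp port 500 or udp port 4500 or proto 50'` run on the internal and the DMZ-facing interface at the same time; tcpdump's exact output varies between versions, so the regex may need adjusting. The useful signal is the split: IKE seen on the outside interface but never answered points at the firewall's inbound rule or the server's return route, while a changed source address between the two captures means the client is behind a NAT and the negotiation has to go over NAT-T on UDP 4500, which the firewall must also pass and the server must support.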
 