IPsec VPN connection from Win XP SP2

 
 
Dennis
      03-08-2005, 03:39 PM
Hi,
I have a VPN connection like the one below:
Win XP SP2----> NAT-1 ----Internet----> NAT -2 ----> Win 2003 Server.

I can connect to my server when I use PPTP. It works perfectly.
But now I would like to connect to my server with IPsec L2TP.

I opened (on NAT-2) UDP 500, UDP 1701, UDP & TCP 1723 and the 50 and 51
ports and forwarded them to the Win 2003 server IP address. I also activated
the IPsec Pass Through and PPTP Pass Through options on my (NAT-2)
router. (Do I still have to open port 47, port 50 and 51 even though I
activated the IPsec Pass Through and PPTP Pass Through options?) I haven't done
anything on my Win XP SP2 client side router. I just entered the
AssumeUDPEncapsulationContextOnSendRule, value 2,
Word key under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec subkey.
Then I created the VPN connection from the Connect To menu. Then I opened
the properties, selected the Security tab, chose the IPSec Setting and
entered the preshared key which I wrote on the Win 2003 server. I don't use
the cert now. I just use the preshared key at the moment. Then I went to the
Networking tab and selected L2TP IPsec for Type of VPN. I tried it
but it doesn't work.

If I cancel the preshared key and choose the PPTP type connection I am able
to connect to the VPN server. Do I have to do something on the Win XP client
side network?

Any idea?

Thank you very much in advance.

Dennis



 
Todd J Heron
      03-08-2005, 03:46 PM
> Do I still have to open port 47, port 50 and 51 even though I activated
> the IPsec Pass Through and PPTP Pass Through options?


Those are protocol IDs technically, not ports. By allowing IPsec Pass
Through and PPTP Pass Through you are thus allowing these protocol IDs.

I believe you have to do some further configuration on the XP SP2 client.
See below.

Here is an article on setting up IPSEC with a pre-shared key:
http://support.microsoft.com/default...b;en-us;240262

2003 reference:
http://support.microsoft.com/default...b;en-us;816514

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights.

 
Steven L Umbach
      03-08-2005, 04:08 PM
Since you are going over a NAT router you need to allow and forward port
4500 UDP traffic to your Windows 2003 VPN server. Also make sure that ipsec
passthrough is enabled on both NAT routers. The link below explains
more. --- Steve

http://support.microsoft.com/default...b;en-us;818043




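As an added example (not part of any post in this thread), the Python sketch below audits a router's port-forward list against the two points made in the replies so far: 47, 50 and 51 are IP protocol numbers rather than ports, and UDP 4500 has to be forwarded when a NAT is in the path. The `Rule` type, the `audit` function and the 192.168.1.10 address are assumptions made for the illustration.

```python
from dataclasses import dataclass

# UDP ports the replies name for L2TP/IPsec when a NAT is in the path.
REQUIRED_UDP = {500: "IKE", 4500: "IPsec NAT-T"}
# IP protocol numbers: they select a protocol in the IP header and have no port.
IP_PROTOCOLS = {47: "GRE, used by PPTP", 50: "ESP", 51: "AH"}


@dataclass(frozen=True)
class Rule:
    proto: str   # "tcp" or "udp", as typed into the router's port-forward page
    port: int
    target: str  # internal address the rule forwards to


def audit(rules, vpn_server):
    """Return findings for port-forward rules meant to serve L2TP/IPsec."""
    findings = []
    forwarded = {(r.proto.lower(), r.port) for r in rules if r.target == vpn_server}
    for port, name in sorted(REQUIRED_UDP.items()):
        if ("udp", port) not in forwarded:
            findings.append(f"MISSING udp/{port} ({name}) is not forwarded to {vpn_server}")
    for r in rules:
        label = f"{r.proto.lower()}/{r.port}"
        if r.port in IP_PROTOCOLS:
            findings.append(f"NOT-A-PORT {label}: {r.port} is the IP protocol number of "
                            f"{IP_PROTOCOLS[r.port]}; a port rule does not match it")
        elif r.port == 1723:
            findings.append(f"PPTP-ONLY {label}: 1723 belongs to PPTP, not L2TP/IPsec")
    return findings


# Constructed sample: the NAT-2 rules as the first post lists them.
SERVER = "192.168.1.10"  # placeholder internal address of the VPN server
SAMPLE_RULES = [Rule("udp", 500, SERVER), Rule("udp", 1701, SERVER),
                Rule("udp", 1723, SERVER), Rule("tcp", 1723, SERVER),
                Rule("tcp", 50, SERVER), Rule("tcp", 51, SERVER)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, SERVER):
        print(finding)
```
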
 
Phillip Windell
      03-08-2005, 04:45 PM
If the 2003 box is the termination point of the tunnel, then I believe the
NAT devices are the problem. If I'm not mistaken IPSec doesn't work over NAT
and requires NAT Traversal (NAT-T). If the NAT Devices involved are not
capable of that then you are screwed.

If the two NAT Devices are capable of running as "VPN Servers" then you
could create a Site-to-Site VPN between them, but whether they could not
IPSec still depends on what they are capable of.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


David Beder [MSFT]
      03-09-2005, 07:32 AM
ipsec nat-t is included in xpsp2 and ws03, however I do not believe it's a
supported scenario to have a nat in front of the ras server.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.

