I always heard that there isn't native support for L2TP/IPSEC in win98, it
only supports PPTP.
As far as WinXP IPSEC behind a NAT driver, IPSEC in transport mode doesn't
encrypt the TCP segment or rely on the checksum, so a NAT driver doesn't
affect it. In the first release of Win2000 (without the update) it relied on
a custom value in the TCP checksum to start the decryption process, and a
NAT driver would change this. A lot of times the packet would show up
correctly but decryption would fail.
http://support.microsoft.com/default...roduct=win2000
"BC" <(E-Mail Removed)> wrote in message
news:073101c3d390$6c25e500$(E-Mail Removed)...
> The product that I am working on CANNOT connect to
> Windows 98 with L2TP/IPSec when a NAT is present.
>
> However, it CAN connect to Windows XP with L2TP/IPSec
> when Windows is behind a NAT. The IETF draft for NAT-T,
> version 2, is used by both sides.
>
> The IPSec SAs are established, and I see ESP packets
> transmitted by the 98 side, and ESP responses from my
> product. The SPIs are correct. The packets are properly
> translated by the NAT. I confirmed this with a packet
> analyzer.
>
> The 98 side is retransmitting its first packet as if it
> does not like the response that it gets.
>
> Is there any L2TP logging that I can enable on 98? The
> PPP log doesn't show anything because it hasn't finished
> L2TP yet. The IPSec log shows that SAs have been
> negotiated and loaded.
>
> My product does not set the commit bit unless the peer
> sets the commit bit. I bring this up because the Windows
> server sets the commit bit, and therefore 98 waits for a
> connected notification.
>
>