We have a Windows 2000 RRAS server which has been serving as PPTP
server for a long time. Now, I configured L2TP connectivity too and
tested it on LAN successfully, however it does not work properly from
client on the Internet. Currently, we have some inbound filters
configured on WAN interface of RRAS server. RRAS is directly connected
to Internet, no NATs involved there. The client IS behind NAT. If I
disable the inbound filters and let all traffic IN on RRAS, client
connects successfully. Of course I don't want to leave the filters like
that; the only traffic I want to let in on my RRAS is VPN traffic. So I
fired up Ethereal and established the connection successfully.
This is what I found out from the sniffed bytes, the type of traffic
that has to be let in for L2TP connection to work:
1. UDP 500 - for IKE
2. UDP 4500 for IPSEC UDP encapsulation
3. *whole* UDP traffic (don't understand the purpose of this traffic)
So my client connects successfully ONLY if I let all UDP traffic in.
This is not an option at all. Could you explain what could be
happening, what could be the reason for this? I can provide more
information if necessary.
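To see why a "UDP 500 + UDP 4500 only" rule set can still break an L2TP/IPsec session from a client behind NAT, here is an added worked example (not part of the post above, and not RRAS code) in the form of a toy stateless inbound filter run over a constructed packet trace of one session. The trace and the rule sets are constructed for illustration. It assumes two things: that the filter matches on destination port only, because a NAT in front of the client may rewrite source ports; and that the L2TP control/data packets, which run over UDP 1701 inside the IPsec tunnel, are presented to the filter again after IPsec decryption, which is the case when filtering is applied after IPsec processing. The PPTP rules (TCP 1723 and GRE) are included only because the server in the post also serves PPTP.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "udp", "tcp" or "gre" (IP protocol 47, PPTP data)
    sport: Optional[int]  # None for protocols without ports
    dport: Optional[int]
    label: str            # what this constructed packet stands for


@dataclass(frozen=True)
class Rule:
    proto: str
    dport: Optional[int]  # None = any destination port / port-less protocol


def allowed(pkt: Packet, rules: list[Rule]) -> bool:
    """Stateless inbound filter: accept when any rule matches protocol and
    destination port. The source port is deliberately ignored, because a NAT
    between client and server may rewrite it (assumption: that is how the
    RRAS inbound filters in the post should be written)."""
    return any(r.proto == pkt.proto and (r.dport is None or r.dport == pkt.dport)
               for r in rules)


def dropped(packets: list[Packet], rules: list[Rule]) -> list[str]:
    """Labels of the packets a given rule set would reject."""
    return [p.label for p in packets if not allowed(p, rules)]


# Constructed trace of one L2TP/IPsec session from a NATed client, in the
# order the server-side filter would see the packets.
SESSION = [
    Packet("udp", 500, 500, "IKE main mode"),
    Packet("udp", 4500, 4500, "IKE after NAT-T float to UDP 4500"),
    # NAT has rewritten the client's source port; destination is still 4500.
    Packet("udp", 61000, 4500, "ESP encapsulated in UDP 4500 (NAT-T)"),
    # Assumption: the decrypted inner packet is filtered again after IPsec.
    Packet("udp", 1701, 1701, "L2TP control message (inner, after IPsec decryption)"),
    Packet("tcp", 50123, 1723, "PPTP control channel from another client"),
    Packet("gre", None, None, "PPTP data (GRE)"),
    Packet("udp", 40000, 53, "stray UDP packet to port 53"),
]

# Rule set 1: what the post currently allows for L2TP (IKE + NAT-T) plus PPTP.
RULES_IKE_NATT_ONLY = [
    Rule("udp", 500), Rule("udp", 4500), Rule("tcp", 1723), Rule("gre", None),
]
# Rule set 2: the same plus the L2TP port itself (UDP 1701).
RULES_L2TP_IPSEC = RULES_IKE_NATT_ONLY + [Rule("udp", 1701)]
# Rule set 3: "let all UDP in", the workaround the post describes.
RULES_ALL_UDP = [Rule("udp", None), Rule("tcp", 1723), Rule("gre", None)]


if __name__ == "__main__":
    for name, rules in (("IKE+NAT-T only", RULES_IKE_NATT_ONLY),
                        ("IKE+NAT-T+L2TP", RULES_L2TP_IPSEC),
                        ("all UDP", RULES_ALL_UDP)):
        print(f"{name:16s} drops: {dropped(SESSION, rules)}")
```

Run stand-alone, the script shows that the "IKE + NAT-T only" rule set rejects exactly the inner L2TP packet (and the stray port 53 packet), that adding a UDP 1701 allow rule keeps the session while still rejecting the stray packet, and that "all UDP" rejects nothing, which is why it works but is not an acceptable filter.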