VPN From Behind NAT Setup

Posted on 2003-03-06
Medium Priority
Last Modified: 2010-04-12

I have a VPN setup, it's a Symantec 200R VPN/firewall. If I take my laptop and dial up to a random ISP the VPN is working fine.

However, if I take my laptop onto another network that's running a simple firewall/NAT config via ADSL, the VPN connection doesn't work. The tunnel won't create.

Is there a simple explanation as to why this isn't working?
Question by: markfowkes
LVL 79

Accepted Solution

lrmoore earned 400 total points
ID: 8080175
Because when you dial up to an ISP, you get a "real" IP address and there is no additional NAT. When you are behind a firewall, it is usually using PAT (port address translation), not NAT. Since VPNs require specific ports, using PAT at the firewall breaks the VPN. There is a fairly new concept of "NAT transparency" that will support VPN clients behind a NAT firewall. Many of the SOHO routers support VPN "passthrough" which is basically the same, but most corporate firewalls do not have this feature.
It depends on the firewall/router at this location where you say it does not work. If it is a small Linksys, D-link or other SOHO router, it should have the capability to support IPSEC Passthrough. It just may not be enabled.
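
Added example, not part of the original thread: a Python illustration of what a port-translating (PAT) device can and cannot key on in IPsec client traffic, which is the gap that passthrough and NAT traversal fill. It assumes standard IPsec numbering (IKE on UDP 500, ESP as IP protocol 50, NAT-T on UDP 4500); the packets, addresses and SPI are constructed.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500   # UDP ports for IKE and NAT traversal (RFC 3947/3948)
TCP, UDP, ESP = 6, 17, 50         # IP protocol numbers

def ipv4(proto, payload, src=b"\xc0\xa8\x01\x0a", dst=b"\xcb\x00\x71\x05"):
    """Constructed IPv4 packet (192.168.1.10 -> 203.0.113.5), checksum left 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def udp(sport, dport, data):
    """Constructed UDP datagram (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Return (label, pat_key). pat_key is the (protocol, source port) pair a
    port-based translator can rewrite and track, or None if there is no port."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:
        (spi,) = struct.unpack("!I", body[:4])
        return f"ESP spi=0x{spi:08x}", None   # only an SPI, no ports
    if proto not in (TCP, UDP):
        return f"ip-proto-{proto}", None
    sport, dport = struct.unpack("!HH", body[:4])
    label = "TCP" if proto == TCP else "UDP"
    if proto == UDP and NATT_PORT in (sport, dport):
        # NAT-T: four zero bytes after the UDP header mean IKE, otherwise an ESP SPI
        label = "IKE over NAT-T" if body[8:12] == b"\0\0\0\0" else "ESP in UDP (NAT-T)"
    elif proto == UDP and IKE_PORT in (sport, dport):
        label = "IKE"
    return label, (proto, sport)

# Constructed sample traffic from a VPN client behind the translator
ESP_BODY = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16   # SPI, sequence, dummy ciphertext
SAMPLES = {
    "ike":      ipv4(UDP, udp(500, 500, b"\x11" * 28)),
    "raw_esp":  ipv4(ESP, ESP_BODY),
    "natt_esp": ipv4(UDP, udp(4500, 4500, ESP_BODY)),
}

def report():
    """Map each sample name to (label, True if plain PAT has a port to track)."""
    return {name: (classify(p)[0], classify(p)[1] is not None) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (label, ok) in report().items():
        print(f"{name:9} {label:22} {'PAT can track' if ok else 'no port for PAT'}")
```

The key negotiation (IKE) translates like any UDP flow, but native ESP carries only an SPI, so a translator needs passthrough support to forward it, or both peers need NAT-T so the ESP travels inside UDP 4500.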

Author Comment

ID: 8080347
What a star - jumped onto the firewall at the "non" working end, enabled IPsec passthrough - worked! :)

Also, for anyone else reading this topic, I actually had to enable IPSEC Type '2 SPI' on the Symantec 200R.

Thanks lrmoore

LVL 79

Expert Comment

ID: 8080371
You're most welcome!
