Windows SBS 2011 - NAT-T Traversal VPN

Posted on 2011-10-14
Medium Priority
Last Modified: 2012-05-12
Good Afternoon,

We have recently installed an SBS 2011 domain into a building where we do not control the access to the outside world. The ISP has enabled Port 1723 to forward to our SBS 2011 server.

The problem is that after setting up Routing and Remote Access I can't dial in (using the PPTP VPN), nor actually can any machine on the domain dial out to any Windows VPN - i.e. if I wanted to connect to my home VPN.

The ISP is saying this is to do with NAT-T Traversal, is there or how do I:

a) Fix this on the RAS box allowing incoming connections
b) Tweak this to allow machines on the network to connect to other VPNs!

Many thanks

Question by:mattstannard
  • 2
LVL 60

Expert Comment

by:Cliff Galiher
ID: 36968669
If you don't control the network edge then you simply can't. You need port 1723 and the GRE protocol (not port) forwarded. It sounds like the network edge is blocking GRE this PPTP inbound and outbound would fail. If they won't fix it, there is nothing you can do.


Author Comment

ID: 36968863
Hi Cliff,

I'm speaking nicely to them - the GRE Protocol also applies to Windows I take it :-)

LVL 60

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 36969154
GRE is part of the PPTP RFC, so all PPTP tunnels require it, Linux, windows, doesn't matter.


Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question