
List:       vpn
Subject:    RE: [VPN] Using MS L2TP/IPSec and NAT
From:       "Lee Merrill" <leemerri () nortelnetworks ! com>
Date:       2002-08-28 19:15:13

The client listed is actually made for the older Windows systems
(Win95/98/NT4.0). I think it was created by Safenet for Microsoft. I've
tested it against a couple of different vendors and it works quite well. I
used certificates for the testing, and I think you can do a registry hack to
use shared secrets.

I don't believe you can install this client on Win2k or XP. It's been a while
since I read the bulletin, but I think it's just for the retro equipment.

Good luck

Lee Merrill
Application Engineering Lab 
Nortel Networks
leemerri@nortelnetworks.com



-----Original Message-----
From: Klein, Alan Martin (Alan) [mailto:alanklein@avaya.com] 
Sent: Wednesday, August 28, 2002 2:23 PM
To: vpn@lists.shmoo.com
Subject: FW: [VPN] Using MS L2TP/IPSec and NAT


Not a hack but it looks like Microsoft is going to address the NAT issue in
a future release of client / server. See the following URL for more
information:

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/l2tpclient.asp

-----Original Message-----
From: Christopher Gripp [mailto:cgripp@axcelerant.com]
Sent: Tuesday, August 27, 2002 4:08 PM
To: vpn@lists.shmoo.com
Subject: [VPN] Using MS L2TP/IPSec and NAT


I have recently been asked to support a VPN that uses encaps L2TP in IPSec.
The user states that the MS implementation uses AH only and therefore will
not work from behind a NAT device.  I am very aware of all the implications
of NAT and AH and have no argument there.  My question is, is anyone aware
of some workaround or fix that is native to MS that would allow this
implementation to be passed through a NAT device at the remote end point.  A
reg hack, something?


CG
_______________________________________________
VPN mailing list
VPN@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
