RE: Discussion for Configuring Windows Server 2003-base... - 15.Sep.2003 11:39:00 PM
I was playing with ISA and Windows 2003 Server VPN but can't get the L2TP/IPSec to work. I am testing the server internally with 10.2.20.0 as the internal network and 10.2.30.0 as the dummy external network, with multiple IPs defined on the external NIC. I have followed your instructions for setting up the VPN client and the server. I put my laptop on the hub for the external NIC, and when I try to connect, the server says "me" "no policies defined" in the event log, and the connection fails. I looked in policy manager and the policies appear to be there. I created an IPSec policy while testing and this allows the connection, but an event then comes up in the log saying the client and server were trying to connect in different modes, tunnel etc. Any ideas?
I set up VPN access on my ISA 2004 and am getting to the ISA 2004 on port 500, but both ends are timing out (based on log entries). The problem is that my "dear" ISP blocks incoming protocols up through port 1024 "for my protection". Some third-party VPN clients can be set to initiate negotiations on UDP 4500 (NAT-T) instead of 500. Does anyone know of a way to force the Windows XP SP2 VPN client to initiate security negotiations on UDP 4500 by default?
I have read Microsoft and other threads about not putting the 2003 Server behind a NAT-T firewall, due to unexpected results, but not a good clear explanation of the problem in any detail. Any good pointers and/or explanations for this? Yes, I have read your good explanations of the client side of NAT-T support issues. They were great. Just not sure of the "unexpected results" of running a VPN L2TP/IPSec server behind NAT-T well. I am hoping it is just to avoid some corner case scenarios and that I can reach a VPN server that doesn't have static IP addresses on the server side.