Cannot connect to IPSEC VPN Server behind NAT (NAT-T) (Full Version)

All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS


colombo -> Cannot connect to IPSEC VPN Server behind NAT (NAT-T) (18.Jan.2008 10:33:48 AM)

Hi All,

I have a Windows Small Business Server 2003 SP1 environment. The server has two network interface. One for the local network clients, one for the public network so that our local clients connect to the external network via SBS 2003 ISA nat.
My problem is that I couldn't connect to an external IPSEC based VPN server from the local network behind the SBS ISA server.

I read the relevant articles, forum posts, and I have already created the necessary firewall rules on the ISA what the articles write about the NAT-T and IPSEC passthrough.

For example this:

But I cannot connect.
I tried to create to this host "All outbound connection" access rule, but the result was the same.

In the ISA monitor I didn't see the denied traffic.

The VPN client program is the Checkpoint Secure Client and I set the "use NAT traversal tunneling" option.

From my home network (also behind router) I can connect to this VPN with the same options.

Could anybody help me to solve this problem? And do you have any idea at least how can I monitor the denied connection details?

Thanks in advance,

Kind regards,


OcDevil -> RE: Cannot connect to IPSEC VPN Server behind NAT (NAT-T) (30.Jan.2009 4:41:58 AM)

Hi Colombo,

I am experiencing the same problem with my MS TMG. I am unable to connect to a Cisco VPN Concentrator using IPSec/UDP NAT-T if I connect using IPSec/TCP I have no problems.

I have managed to locate this article at the Forefront TMG Product Team blog:

But it doesn't seem to work, or perhaps I am doing something wrong? Maybe You could give it a go?

colombo -> RE: Cannot connect to IPSEC VPN Server behind NAT (NAT-T) (30.Jan.2009 5:47:32 AM)


Unfortunately I cannot provide you any news about this thread.


Page: [1]