Internal NIC IP, ISA server - 10.1.20.1
External NIC IP, ISA server - 172.18.160.50
External NAT address for VPN (forwarded to external ISA NIC) - 126.96.36.199
Trying to set up an L2TP/IPsec VPN for clients to terminate on my ISA 2006 server. If I VPN to the external NIC (172.18.160.50), IPsec works fine (this is connecting from my XP client on a different VLAN but in the same building). But if I try from outside this building and connect to my 188.8.131.52 address, it just sits there waiting. It is going through a Checkpoint firewall, but everything is open. PPTP works fine when connecting to this 184.108.40.206 address. I guess there is a setting in ISA for NAT or something, as it must be getting confused going from 220.127.116.11 -> 172.18.160.50.
Sorry, I hope I make sense. Any help would be great.
The Checkpoint firewall is open to ALL traffic (while I'm trying to get this working). I can see the IKE packets passing through Checkpoint, but it seems like it's having problems negotiating back to the VPN client (if that makes sense).
After I make the reg change to 1, is there anything I need to change on the Windows XP SP2 VPN client?
In my experience (L2TP/IPsec VPN from a client behind a NAT, to a VPN server also behind a NAT), I had to set the AssumeUDPEncapsulationContextOnSendRule reg key on the XP SP2/3 and Vista clients to a value of 2.
Then it all worked a treat.
Give that a shot if your ISA is behind a NAPT device (which it sounds like it is).