This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN clients behind a NAT router

I have the PPTP vpn working just fine for dial-up clients and clients that have a public IP. But clients that are behind a router or some kind of NAT device can not connect to the VPN.

Ony have any ideas, I know Checkpoint was not able to have NATed clients until the last version of thier client software was released.

This thread was automatically locked due to age.

Parents

0 Craig White over 23 years ago

The Astaro firewall can be setup to allow IPSEC clients from the internal lan to passthru and connect to IPSEC servers on the Internet.

From what you have written I assume the VPN clients are attempting a connection to your external interface.  If these clients are behind a firewall or NATing device this firewall will need to support IPSEC protocols.  See for more information.
http://www.ietf.org/html.charters/ipsec-charter.html

Craig  [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 lanman over 23 years ago in reply to Craig White

I was coming from the Internal LAN of a ASL network to the external IF of an ASL box. Using PPTP. Will I need to configure my WS as IPSEC which is not supported by Win98 or do I need other client software.
Cancel
Vote Up 0 Vote Down

Cancel
0 Carsten Horn over 23 years ago in reply to lanman

The NAT router has to support PPTP passthrough.
ASL does not support PPTP passthrough.
See also:

http://www.astaro.org/cgi/ultimatebb.cgi?ubb=get_topic&f=7&t=000200

http://www.astaro.org/cgi/ultimatebb.cgi?ubb=get_topic&f=7&t=000176

Regards,
Carsten
Cancel
Vote Up 0 Vote Down

Cancel
0 lanman over 23 years ago in reply to Carsten Horn

So I will not be able to use PPTP from a NATed network.

Regarding ASL 3.2 beta:
I was working on another ASL box a freind installed and the VPN would connect and authenticate users but we could not browse the internal lan(behind ASL) without having POrt 138-139 open.

Is the PPTP vpn setup different in 3.2 from 2.19.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lanman over 23 years ago in reply to Carsten Horn

So I will not be able to use PPTP from a NATed network.

Regarding ASL 3.2 beta:
I was working on another ASL box a freind installed and the VPN would connect and authenticate users but we could not browse the internal lan(behind ASL) without having POrt 138-139 open.

Is the PPTP vpn setup different in 3.2 from 2.19.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 TnM over 23 years ago in reply to lanman

1) It is possible to connect to a PPTP server from a NAT Network but as Carsten said your Natting device must support PPTP passthru.

2) What do you mean by open port 138/139? To be able to browse the network, depending on what platform you have inside your network, all you need is a rule for PPTP Pool-Any-Internal Network-Allow.

Note : If you're environnment is W2K and up only you don't need NetBIOS over TCP/IP anymore , SMB traffic will now use port 445.

Note 2 : With a PPTP client you cannot "browse the network" because "browsing the network" implies doing broadcast for host discovery and broadcast don't get routed thru your PPTP tunnel. What you need to do something similar is have a WINS server located inside your lan that will answer your Network browsing requests.

Note 3 : The Checkpoint mechanism that allow NATed clients to connect to a VPN server uses UDP 500 encapsulation for IPSEC protocol. This is a completely different thing.. If you want further information read the IPSEC NAT RFCs from www.ietf.org

Hope to help,

Patrice.
Cancel
Vote Up 0 Vote Down

Cancel