[VPN] Not another NAT question.. Yes I'm Sorry

David Klein dklein at juniper.net
Tue Jul 13 13:27:14 EDT 2004


> Did I miss something? NAT-T automatically turns on with the Netscreen
> Client?
 
Yes, if the VPN concentrator has NAT-T enabled.  A NetScreen device by
default does not.  On the Netscreen, you have to activate NAT-T in the
IKE Gateway definition matching the client before the NetScreen device
will do NAT-T on its end. 
 
Dave Klein


________________________________

	From: Joe Brochu [mailto:jbrochu at trif.com] 
	Sent: Tuesday, July 13, 2004 11:50 AM
	To: David Klein; vpn at lists.shmoo.com
	Subject: RE: [VPN] Not another NAT question.. Yes I'm Sorry
	
	
	David, I tested your suggestion and I have the same result. I
	went into the Netgear Interface and unchecked IPSEC passthrough
	
	 Enable VPN Passthrough (IPSec, PPTP, L2TP)
	 
	I then clicked apply and had one user connect and get into their
	terminal emulator. Once they were in I had another user connect up. He
	got in. The first user's terminal emulator froze up and he could no
	longer do anything.
	 
	Did I miss something? NAT-T automatically turns on with the
	Netscreen Client?
	 
	Thanks for your help
	 

	Joseph Brochu
	Network Administrator
	Transportation Resources, Inc.
	978-422-7770  x303
	

		-----Original Message-----
		From: vpn-bounces+neo=thehiddenspot.com at lists.shmoo.com
[mailto:vpn-bounces+neo=thehiddenspot.com at lists.shmoo.com]On Behalf Of
David Klein
		Sent: Wednesday, July 07, 2004 5:35 PM
		To: Neo; vpn at lists.shmoo.com
		Subject: RE: [VPN] Not another NAT question.. Yes I'm
Sorry
		
		
		Turn off IPsec pass-thru on the Netgear.  This will then
trigger IPsec NAT-T on the Netscreen VPN client.
		 
		Dave Klein
		dklein at netscreen.com


________________________________

			From:
vpn-bounces+dklein=juniper.net at lists.shmoo.com
[mailto:vpn-bounces+dklein=juniper.net at lists.shmoo.com] On Behalf Of Neo
			Sent: Wednesday, July 07, 2004 4:10 PM
			To: vpn at lists.shmoo.com
			Subject: [VPN] Not another NAT question.. Yes
I'm Sorry
			
			
			
			I have a client using a Netgear FVS328 VPN
Router.
			 
			Runs NAT.
			 
			The internal workstations use Netscreen Remote
			VPN client. I cannot get more than one workstation connected at a time.
			If a user is in and another connects, the new user boots out the
			existing user and now that user is in.
			 
			I am trying to understand some things by reading
			but if someone could help me out I would very much appreciate it.
			 
			What I would like to know is, can this router or
			the VPN client somehow get around this obvious limitation? NAT
			Traversal?
			 
			If I have left out any needed info let me know.
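
The symptom described in this thread (a second client knocking the first one off) and the effect of NAT-T can be illustrated with a simplified model of a NAT translation table. This is an added example, not part of the original messages; the addresses are constructed and the table logic is an assumed simplification, not the FVS328's actual firmware behaviour.

```python
"""Simplified model: two inside IPsec clients behind one port-translating NAT."""
from dataclasses import dataclass

ESP, UDP = 50, 17            # IP protocol numbers; NAT-T wraps ESP in UDP/4500
GATEWAY = "203.0.113.10"     # constructed address of the remote VPN gateway
CLIENTS = ["192.168.0.11", "192.168.0.12"]   # constructed inside hosts

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: int = 0           # raw ESP carries no ports at all
    dport: int = 0

class Nat:
    def __init__(self):
        self.table = {}      # key matched by return traffic -> inside host
        self.ports = {}      # (inside host, inside port) -> public port
        self.next_port = 40000

    def outbound(self, pkt):
        """Record a mapping and return the key that return traffic will match."""
        if pkt.proto == ESP:
            # Assumed passthrough behaviour: with no ports to rewrite, the
            # only discriminator is the remote peer, so one slot per gateway.
            key = (ESP, pkt.dst)
        else:
            flow = (pkt.src, pkt.sport)
            if flow not in self.ports:
                self.ports[flow] = self.next_port
                self.next_port += 1
            # UDP-encapsulated traffic gets a distinct public source port.
            key = (UDP, pkt.dst, pkt.dport, self.ports[flow])
        self.table[key] = pkt.src          # a later client may overwrite this
        return key

    def inbound(self, key):
        return self.table.get(key)

def simulate(use_nat_t):
    """Connect both clients in turn; return where each one's replies land."""
    nat, keys = Nat(), []
    for client in CLIENTS:
        pkt = (Packet(UDP, client, GATEWAY, 4500, 4500) if use_nat_t
               else Packet(ESP, client, GATEWAY))
        keys.append(nat.outbound(pkt))
    return [nat.inbound(k) for k in keys]

if __name__ == "__main__":
    print("ESP passthrough:", simulate(False))
    print("NAT-T (UDP 4500):", simulate(True))
```

In the passthrough case both clients share one table slot, so replies meant for the first client are delivered to the second; with UDP encapsulation each client keeps its own mapping.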

			
