[VPN] Not another NAT question.. Yes I'm Sorry
dklein at juniper.net
Tue Jul 13 13:27:14 EDT 2004
> Did I miss something? NAT-T automatically turns on with the Netscreen
Yes, if the VPN concentrator has NAT-T enabled. A NetScreen device by
default does not. On the Netscreen, you have to activate NAT-T in the
IKE Gateway definition matching the client before the NetScreen device
will do NAT-T on its end.
From: Joe Brochu [mailto:jbrochu at trif.com]
Sent: Tuesday, July 13, 2004 11:50 AM
To: David Klein; vpn at lists.shmoo.com
Subject: RE: [VPN] Not another NAT question.. Yes I'm Sorry
David I tested your suggestion and I have the same result. I
went into the Netgear Interface and unchecked IPSEC passthrough
Enable VPN Passthrough (IPSec, PPTP, L2TP)
I then clicked apply and had one user connect and get into their
terminal emulator. Once they were in I had another use connect up. He
got in. The first users terminal emulator froze up and he could no
longer do anything.
Did I miss something? NAT-T automatically turns on with the
Thanks for your help
Transportation Resources, Inc.
From: vpn-bounces+neo=thehiddenspot.com at lists.shmoo.com
[mailto:vpn-bounces+neo=thehiddenspot.com at lists.shmoo.com]On Behalf Of
Sent: Wednesday, July 07, 2004 5:35 PM
To: Neo; vpn at lists.shmoo.com
Subject: RE: [VPN] Not another NAT question.. Yes I'm
Turn off IPsec pass-thru on the Netgear. This will then
trigger IPsec NAT-T on the Netscreen VPN client.
dklein at netscreen.com
vpn-bounces+dklein=juniper.net at lists.shmoo.com
[mailto:vpn-bounces+dklein=juniper.net at lists.shmoo.com] On Behalf Of Neo
Sent: Wednesday, July 07, 2004 4:10 PM
To: vpn at lists.shmoo.com
Subject: [VPN] Not another NAT question.. Yes
I have a client using a Netgear FVS328 VPN
The internal workstations use Netscreen Remote
VPN client. I cannot get more than one workstation connected at a time.
If a user is in and another connects, the new user boots out the
existing user and now that user is in.
I am trying to understand somethings by reading
but if someone could help me out I would very much appreciate it.
What I would like to know is, can this router or
the VPN client somehow get around this obvious limitation. NAT
If I have left out any needed info let me know.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the VPN