It is currently Sun Sep 22, 2019 7:15 am

All times are UTC [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: Multiple Windows XP clients behind same NAT device possible?
PostPosted: Wed Mar 31, 2010 12:44 pm 

Joined: Wed Mar 31, 2010 11:50 am
Posts: 1
Hello,
I'm considering switching our corporate VPN solution to utilizing OpenL2TP.

I understand OpenL2TP supports multiple L2TP clients behind the same NAT device using ephemeral ports (on either the client or the server side?)

My question: Can this feature be used on the LNS side to support multiple Windows XP IPsec/L2TP clients behind the same NAT interface (using the native MS L2TP client)?

From my understanding this is not possible, as Windows expects both client and server side ports to be 1701.

Thank you for clarifying this!


Top
 Profile  
 
 Post subject: Re: Multiple Windows XP clients behind same NAT device possible?
PostPosted: Thu Apr 01, 2010 1:07 pm 
Site Admin

Joined: Sun Jul 27, 2008 1:39 pm
Posts: 122
neoxite wrote:
Hello,
I'm considering switching our corporate VPN solution to utilizing OpenL2TP.

I understand OpenL2TP supports multiple L2TP clients behind the same NAT device using ephemeral ports (on either the client or the server side?)

OpenL2TP by default will use ephemeral ports on both client and server sides. It can also be configured to use fixed ports on either side. The default is usually fine if the peer wants to use a fixed port.
Quote:
My question: Can this feature be used on the LNS side to support multiple Windows XP IPsec/L2TP clients behind the same NAT interface (using the native MS L2TP client)?

From my understanding this is not possible, as Windows expects both client and server side ports to be 1701.

Is that true? I've seen a Windows XP box use an ephemeral source port when using its standard L2TP/IPSec client.

However, the biggest problem might be the NAT gateway in the client network - few seem to handle IPSec well - NAT-T support seems to be quite varied.

Have you considered OpenVPN for this? It is much more NAT friendly.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group