> Did I miss something? NAT-T automatically turns on with the Netscreen
Client?
Yes, if the VPN concentrator has NAT-T enabled. A NetScreen device by
default does not. On the Netscreen, you have to activate NAT-T in the
IKE Gateway definition matching the client before the NetScreen device
will do NAT-T on its end.
Dave Klein
________________________________
From: Joe Brochu [mailto:jbrochu (at) trif (dot) com [email concealed]]
Sent: Tuesday, July 13, 2004 11:50 AM
To: David Klein; vpn (at) lists.shmoo (dot) com [email concealed]
Subject: RE: [VPN] Not another NAT question.. Yes I'm Sorry
David I tested your suggestion and I have the same result. I
went into the Netgear Interface and unchecked IPSEC passthrough
Enable VPN Passthrough (IPSec, PPTP, L2TP)
I then clicked apply and had one user connect and get into their
terminal emulator. Once they were in I had another use connect up. He
got in. The first users terminal emulator froze up and he could no
longer do anything.
Did I miss something? NAT-T automatically turns on with the
Netscreen Client?
Thanks for your help
Joseph Brochu
Network Administrator
Transportation Resources, Inc.
978-422-7770 x303
-----Original Message-----
From: vpn-bounces+neo=thehiddenspot.com (at) lists.shmoo (dot) com [email concealed]
[mailto:vpn-bounces+neo=thehiddenspot.com (at) lists.shmoo (dot) com [email concealed]]On Behalf Of
David Klein
Sent: Wednesday, July 07, 2004 5:35 PM
To: Neo; vpn (at) lists.shmoo (dot) com [email concealed]
Subject: RE: [VPN] Not another NAT question.. Yes I'm
Sorry
Turn off IPsec pass-thru on the Netgear. This will then
trigger IPsec NAT-T on the Netscreen VPN client.
Dave Klein
dklein (at) netscreen (dot) com [email concealed]
________________________________
From:
vpn-bounces+dklein=juniper.net (at) lists.shmoo (dot) com [email concealed]
[mailto:vpn-bounces+dklein=juniper.net (at) lists.shmoo (dot) com [email concealed]] On Behalf Of Neo
Sent: Wednesday, July 07, 2004 4:10 PM
To: vpn (at) lists.shmoo (dot) com [email concealed]
Subject: [VPN] Not another NAT question.. Yes
I'm Sorry
I have a client using a Netgear FVS328 VPN
Router.
Runs NAT.
The internal workstations use Netscreen Remote
VPN client. I cannot get more than one workstation connected at a time.
If a user is in and another connects, the new user boots out the
existing user and now that user is in.
I am trying to understand somethings by reading
but if someone could help me out I would very much appreciate it.
What I would like to know is, can this router or
the VPN client somehow get around this obvious limitation. NAT
Traversal?
Client?
Yes, if the VPN concentrator has NAT-T enabled. A NetScreen device by
default does not. On the Netscreen, you have to activate NAT-T in the
IKE Gateway definition matching the client before the NetScreen device
will do NAT-T on its end.
Dave Klein
________________________________
From: Joe Brochu [mailto:jbrochu (at) trif (dot) com [email concealed]]
Sent: Tuesday, July 13, 2004 11:50 AM
To: David Klein; vpn (at) lists.shmoo (dot) com [email concealed]
Subject: RE: [VPN] Not another NAT question.. Yes I'm Sorry
David I tested your suggestion and I have the same result. I
went into the Netgear Interface and unchecked IPSEC passthrough
Enable VPN Passthrough (IPSec, PPTP, L2TP)
I then clicked apply and had one user connect and get into their
terminal emulator. Once they were in I had another use connect up. He
got in. The first users terminal emulator froze up and he could no
longer do anything.
Did I miss something? NAT-T automatically turns on with the
Netscreen Client?
Thanks for your help
Joseph Brochu
Network Administrator
Transportation Resources, Inc.
978-422-7770 x303
-----Original Message-----
From: vpn-bounces+neo=thehiddenspot.com (at) lists.shmoo (dot) com [email concealed]
[mailto:vpn-bounces+neo=thehiddenspot.com (at) lists.shmoo (dot) com [email concealed]]On Behalf Of
David Klein
Sent: Wednesday, July 07, 2004 5:35 PM
To: Neo; vpn (at) lists.shmoo (dot) com [email concealed]
Subject: RE: [VPN] Not another NAT question.. Yes I'm
Sorry
Turn off IPsec pass-thru on the Netgear. This will then
trigger IPsec NAT-T on the Netscreen VPN client.
Dave Klein
dklein (at) netscreen (dot) com [email concealed]
________________________________
From:
vpn-bounces+dklein=juniper.net (at) lists.shmoo (dot) com [email concealed]
[mailto:vpn-bounces+dklein=juniper.net (at) lists.shmoo (dot) com [email concealed]] On Behalf Of Neo
Sent: Wednesday, July 07, 2004 4:10 PM
To: vpn (at) lists.shmoo (dot) com [email concealed]
Subject: [VPN] Not another NAT question.. Yes
I'm Sorry
I have a client using a Netgear FVS328 VPN
Router.
Runs NAT.
The internal workstations use Netscreen Remote
VPN client. I cannot get more than one workstation connected at a time.
If a user is in and another connects, the new user boots out the
existing user and now that user is in.
I am trying to understand somethings by reading
but if someone could help me out I would very much appreciate it.
What I would like to know is, can this router or
the VPN client somehow get around this obvious limitation. NAT
Traversal?
If I have left out any needed info let me know.
[ reply ]