ipsec over NAT is only working in one direction ? - Network

Thread: ipsec over NAT is only working in one direction ?

  1. ipsec over NAT is only working in one direction ?

    Dear all,

    I'm trying to establish an IPSEC tunnel over NAT, but it's not going so
    well.

    One box is XP SP2 and the other box is a Win2003 SP1 and the tunnel (via
    ipsec policy) is just working fine when NAT is disabled but stops working
    when NAT is turned on. The NAT device I'm using is Cisco PIX.

    The strange thing is also that I can initiate the tunnel from the inside
    host on the pix to the outside host, but not the other way around?

    I have used Network Monitor on the inside server and I can only see IKE
    packets, no ESP packets?

    So the question is: Why is only ipsec traffic working from the inside server
    to the outside server? (no traffic is blocked on the outside interface in
    the PIX)

    Should Microsoft IPSEC be able to handle this? Or have I missed any config
    in the PIX? (I'm allowing all ip in both directions)

    Thanks in advance,

    Andreas



  2. Re: ipsec over NAT is only working in one direction ?

    Maybe the article in the link below will be of help. XP SP2 has a change in
    how NAT-T is configured by default and how to modify the registry to change
    it. --- Steve

    http://support.microsoft.com/default.aspx?kbid=885407

    "Andreas Bladh" wrote in message
    news:u4tDeqr5FHA.3388@TK2MSFTNGP11.phx.gbl...
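As an added illustration (not part of the thread, and not Microsoft's or Cisco's code), the Python script below classifies constructed capture summary lines by IPsec traffic type and reports whether an exchange ever got past plain IKE. The point it makes about Andreas's "IKE but no ESP" observation: once a NAT is detected, IKE moves to UDP/4500 and ESP is UDP-encapsulated on that same port (RFC 3948), so a capture filter for raw ESP (IP protocol 50) shows nothing even when the tunnel is up. The addresses and the one-line summary format are constructed placeholders, not Network Monitor's real output.

```python
import re

# Constructed capture summaries in a simplified "src:port -> dst:port PROTO"
# form (not Network Monitor's real output). 192.168.1.10 stands for the host
# behind the PIX, 203.0.113.5 for the outside host; both are placeholders.
INSIDE_INITIATES = """\
192.168.1.10:500 -> 203.0.113.5:500 UDP
203.0.113.5:500 -> 192.168.1.10:500 UDP
192.168.1.10:4500 -> 203.0.113.5:4500 UDP
203.0.113.5:4500 -> 192.168.1.10:4500 UDP
"""
OUTSIDE_INITIATES = """\
203.0.113.5:500 -> 192.168.1.10:500 UDP
192.168.1.10:500 -> 203.0.113.5:500 UDP
203.0.113.5:500 -> 192.168.1.10:500 UDP
203.0.113.5:500 -> 192.168.1.10:500 UDP
"""

LINE_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (UDP|ESP)$")

def classify(line):
    """Map one summary line to (src, dst, kind): 'IKE' for UDP/500, 'NAT-T'
    for UDP/4500 (IKE or UDP-encapsulated ESP per RFC 3948), 'ESP' for raw
    IP protocol 50. Returns None for lines that do not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, proto = m.groups()
    ports = {sport, dport}
    kind = ("ESP" if proto == "ESP" else "NAT-T" if "4500" in ports
            else "IKE" if "500" in ports else "OTHER")
    return src, dst, kind

def diagnose(capture_text):
    """Report who initiated (first IKE sender), which traffic kinds were seen,
    and whether the exchange ever got past plain IKE on UDP/500."""
    packets = [p for p in map(classify, capture_text.splitlines()) if p]
    initiator = next((s for s, _, k in packets if k == "IKE"), None)
    kinds = {k for _, _, k in packets}
    if "NAT-T" in kinds:
        verdict = "NAT-T: IKE moved to UDP/4500; ESP is UDP-encapsulated there"
    elif "ESP" in kinds:
        verdict = "raw ESP seen: no NAT between the peers"
    elif "IKE" in kinds:
        verdict = "IKE only: negotiation never completed, no ESP or NAT-T"
    else:
        verdict = "no IPsec traffic"
    return {"initiator": initiator, "kinds": kinds, "verdict": verdict}
```

Running `diagnose` over the two constructed captures reproduces the asymmetry described in the thread: the inside-initiated exchange reaches UDP/4500, the outside-initiated one stays at IKE on UDP/500.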
