I’m asking if somebody was able to set up a l2tp server with IPSEC behind a NAT router.
It’s simple and easy to set it up in a MKT router with a public or directly accessible IP address, but behind a NATed router it won’t connect, even if I forward all the necessary protocols.
In some forums I’ve read that it’s impossible to set up this kind of L2TP server behind NAT… but does anybody have one running?
In theory, there must be a NAT rule on the border router and correct firewall rules on the second router (the server). With the default rules on the second router (established, related connections), there must be no problems, because the client is the initiator of the first packets.
I have done this previously with no issues at all. You just forward the ports from your border router as you would normally to the local address. Just make sure all forwarding is done, i.e. the UDP ports and then the protocols ipsec-ah (51) and ipsec-esp (50), depending on which you need.
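As an added example (not from any post in this thread): the forwarding described above written as RouterOS rules for a MikroTik border router, with matching input rules on the inner MikroTik that runs the L2TP/IPsec server. The WAN interface name ether1 and the inner router address 192.168.88.2 are assumptions.

```routeros
# Added example, not from the thread. Assumed (constructed) values:
#   ether1        = border router's WAN interface holding the public IP
#   192.168.88.2  = LAN address of the inner MikroTik running the L2TP/IPsec server

# Border router: forward the L2TP/IPsec traffic to the inner router.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-port=500 \
    action=dst-nat to-addresses=192.168.88.2 comment="IKE"
add chain=dstnat in-interface=ether1 protocol=udp dst-port=4500 \
    action=dst-nat to-addresses=192.168.88.2 comment="IPsec NAT-T"
add chain=dstnat in-interface=ether1 protocol=udp dst-port=1701 \
    action=dst-nat to-addresses=192.168.88.2 comment="L2TP"
# ESP/AH forwarding only matters for a client that ends up not using NAT-T;
# with NAT-T the ESP packets are carried inside UDP 4500.
add chain=dstnat in-interface=ether1 protocol=ipsec-esp \
    action=dst-nat to-addresses=192.168.88.2 comment="ESP"
add chain=dstnat in-interface=ether1 protocol=ipsec-ah \
    action=dst-nat to-addresses=192.168.88.2 comment="AH"

# Inner router (the L2TP server): accept the forwarded traffic in the input chain.
# These rules must sit above the default "drop everything else" input rule.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 action=accept comment="IKE / NAT-T"
add chain=input protocol=ipsec-esp action=accept comment="ESP"
# L2TP must only be reachable inside the IPsec tunnel; ipsec-policy=in,ipsec
# matches packets that IPsec has already decrypted, bare UDP 1701 is dropped.
add chain=input protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept \
    comment="L2TP inside IPsec"
add chain=input protocol=udp dst-port=1701 action=drop comment="L2TP outside IPsec"
```

Windows clients will not complete IKE against a server that sits behind NAT unless the AssumeUDPEncapsulationContextOnSendRule DWORD under HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent is set to 2, so check the client side as well as the forwarding.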
Sorry to bump this old thread, but is there anything extra to be done except NAT-ing ports to use this solution? I have problems…
I’ve NAT-ed UDP ports 1701, 500, 4500, ipsec-ah, ipsec-esp and gre. Still nothing. I have a PPTP VPN working, but would like to transition to a more secure solution. So I just made NAT rules similar to the existing ones.