Setup MT to pass VPN connections

Hello, I am currently running MT 2.9.14. I am using NAT to connect my local LAN through the MT to the internet. I want to make sure I have everything set up correctly to pass IPsec VPN traffic through the MT from my local LAN to the internet. I have customers that will be using VPN clients that need to connect to internet VPN servers through the MT. ALL of these clients will be using some variant of IPsec; one, for example, is using a Cisco PIX. What settings do I need to be sure to enable to allow this traffic to pass, since I am using NAT at the internet endpoint MT router?

VPN client --> router (not running NAT) --> MT (running NAT to the internet) --> Internet --> VPN server

Your assistance is greatly appreciated.

Thanks in advance!

That needs “NAT-T”. AFAIK not supported by MT yet.

No, you should be OK provided the servers that the clients connect to support NAT-T. I run both IPSEC and PPTP through an MT with src-nat defined and it works fine using UDP encapsulation for the ESP packets.

Only exception at the moment is Cisco IPSEC over TCP port 10000. I don’t get any packets back at present but I’m still investigating this.

Regards

Andrew

I see. Are there many VPN clients using the same protocol, e.g. IPsec? Does this work too?

I found that to work with no special rules in most cases.

Enable the pptp helper though and that should work with IPSEC and PPTP.

Provided you’re encapsulating ESP in UDP or TCP then there shouldn’t be a problem.

Using MT as a VPN concentrator isn’t really possible at the moment because of its lack of support for NAT-T.

Regards

Andrew

Thanks for the replies, that is pretty much what I thought. I will let you know the results with the PIX.

Hi! I'm having the same problem as palidin74.

It seems that andrewluck can solve the problem. Can you help me with how to configure the settings? What are the settings that I need to do on MikroTik?

Thanks guys.