palidin74
just joined
Topic Author
Posts: 15
Joined: Thu Mar 02, 2006 2:19 am
Location: Klamath Falls, OR
Contact:

Setup MT to pass VPN connections

Fri Mar 24, 2006 3:06 am

Hello, I am currently running MT 2.9.14. I am using NAT to connect my local LAN through the MT to the internet. I want to make sure I have everything set up correctly to pass IPsec VPN traffic through the MT from my local LAN to the internet. I have customers that will be using VPN clients that need to connect to internet VPN servers through the MT. ALL of these clients will be using some variant of IPsec; one, for example, is using a Cisco PIX. What settings do I need to be sure to enable to allow this traffic to pass, since I am using NAT at the internet endpoint MT router?

VPN client ----> router (not running NAT) ---> MT (running NAT to the internet) --->Internet --> VPN server

Your assistance is greatly appreciated.

Thanks in advance!
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Fri Mar 24, 2006 8:42 am

That needs "NAT-T". AFAIK not supported by MT yet.
 
andrewluck
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Fri Mar 24, 2006 2:56 pm

No, you should be OK provided the servers that the clients connect to support NAT-T. I run both IPSEC and PPTP through an MT with src-nat defined and it works fine using UDP encapsulation for the ESP packets.

Only exception at the moment is Cisco IPSEC over TCP port 10000. I don't get any packets back at present but I'm still investigating this.

Regards

Andrew
 
mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Fri Mar 24, 2006 10:01 pm

andrewluck wrote: "I run both IPSEC and PPTP through an MT with src-nat defined and it works fine using UDP encapsulation for the ESP packets."

I see. Are there many VPN clients using the same protocol, e.g. IPsec? Does this work too?
 
spire2z
Long time Member
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Sat Mar 25, 2006 2:41 am

I found that to work with no special rules in most cases.

Enable the pptp helper though and that should work with IPSEC and PPTP.
 
andrewluck
Forum Veteran
Posts: 702
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Sat Mar 25, 2006 12:02 pm

Provided you're encapsulating ESP in UDP or TCP then there shouldn't be a problem.

Using MT as a VPN concentrator isn't really possible at the moment because of its lack of support for NAT-T.

Regards

Andrew
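
Added example, not code from any poster in this thread: a small Python classifier, following RFC 3948, that tells from a capture taken on the NAT router's Internet side whether a client's ESP is UDP-encapsulated (the NAT-T case discussed above) or crossing as raw IP protocol 50. The function names, labels and sample packets are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero bytes precede IKE on UDP 4500


def classify(ip_proto, sport, dport, payload):
    """Label one packet captured on the NAT router's Internet side."""
    if ip_proto == 50:
        return "raw-esp"             # ESP has no port fields for src-nat to rewrite
    if ip_proto != 17:
        return "other"               # not UDP (e.g. a vendor's IPsec-over-TCP mode)
    if 4500 in (sport, dport):
        if payload == b"\xff":
            return "natt-keepalive"  # one-byte keepalive that holds the NAT mapping open
        if len(payload) < 4:
            return "malformed"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt"        # IKE moved to port 4500 after a NAT was detected
        return "esp-in-udp"          # first four bytes are a non-zero ESP SPI
    if 500 in (sport, dport):
        return "ike"
    return "other"


def tunnel_mode(packets):
    """Summarise a capture: is the data riding in UDP or as raw ESP?"""
    kinds = {classify(*p) for p in packets}
    if "esp-in-udp" in kinds:
        return "NAT-T: ESP is UDP-encapsulated"
    if "raw-esp" in kinds:
        return "no NAT-T: raw ESP crossing the NAT"
    if kinds & {"ike", "ike-natt"}:
        return "IKE only: no data packets seen"
    return "no IPsec traffic"


# Constructed sample capture: (ip_proto, sport, dport, payload); bytes are placeholders.
SAMPLE = [
    (17, 500, 500, b"\x11" * 28),                                # IKE negotiation starts
    (17, 4500, 4500, NON_ESP_MARKER + b"\x11" * 28),             # IKE continues on 4500
    (17, 4500, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)),  # ESP SPI + sequence
    (17, 4500, 4500, b"\xff"),                                   # keepalive
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(*pkt))
    print(tunnel_mode(SAMPLE))
```
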
 
palidin74
just joined
Topic Author
Posts: 15
Joined: Thu Mar 02, 2006 2:19 am
Location: Klamath Falls, OR
Contact:

Thank you!

Sun Mar 26, 2006 5:48 am

Thanks for the replies, that is pretty much what I thought. I will let you know the results with the PIX.
 
beejan
Frequent Visitor
Posts: 56
Joined: Mon Sep 12, 2005 9:21 am
Location: Sarawak

Mon Apr 03, 2006 1:20 pm

Hi! I'm having the same problem as palidin74.

It seems that andrewluck can solve the problem. Can you help me with how to configure the settings? What are the settings that I need to do on MikroTik?

thanks guys..
everyday is a bliss..appreciate every moments u have :)
