1

I have a Windows 2008 box set up with VPN, and that works quite well. NPS is used to validate the VPN clients, who are able to access the private address of the server, once connected.

I can't for the life of me get NAT working for the VPN clients, though. I've added NAT as a routing protocol, and set the one in the VPN address pool as private, and the other as public - but it still won't NAT connections when I add a route through the VPN server's IP on the client side (route add SomeInternetIp IpOfPrivateInterfaceOnServer). I know I can reach the server's private interface (which happens to be 10.2.2.1) with remote desktop client, so I can't think of any issues with the VPN.

1 Answer

1

What kind of VPN are you using (Windows VPN, IPsec, OpenVPN)? I'm assuming the Windows one.

When you say that clients are able to access the private address of the server, do you mean from your NAT subnet or the VPN subnet?

Did you check if the routes are applied correctly on the client side ("route print" on Windows, "netstat -nr" on Linux)? Did you check firewall rules between those 2 subnets? Check using traceroute ("tracert" in Windows) the route of the packets between the client and the machine behind the NAT (where does it time out / hang?).

kyrisu
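The route check suggested in the answer above, as an added example that is not part of the original post: it parses the IPv4 "Active Routes" rows of `route print` and applies longest-prefix matching to see whether a destination would actually be handed to the VPN server at 10.2.2.1. The sample output is constructed; 203.0.113.10 stands in for SomeInternetIp, and the client LAN (192.168.1.x) and client VPN address (10.2.2.5) are assumptions.

```python
import ipaddress
import re

# Constructed sample of `route print` on a VPN client (not real output).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.2.2.0    255.255.255.0         On-link         10.2.2.5    276
     203.0.113.10  255.255.255.255         10.2.2.1         10.2.2.5     21
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
===========================================================================
"""

# destination, netmask, gateway (IP or "On-link"), interface, metric
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)"
    r"\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def select_route(routes, destination):
    """Longest-prefix match; ties go to the lowest metric. None if no route."""
    ip = ipaddress.ip_address(destination)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def goes_via(routes, destination, gateway):
    """True if traffic to destination would be handed to the given gateway."""
    route = select_route(routes, destination)
    return route is not None and route[1] == gateway
```

If `goes_via` is true for the test destination and the connection still fails, the client-side route is not the problem and the firewall and tracert checks on the server side are the next step.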