Archived from groups: alt.internet.wireless (
More info?)
"Ron Bandes" <RunderscoreBandes @yah00.com> wrote in
news:0sntc.58463$cz5.24018889@news4.srv.hcvlny.cv.net:
> Port forwarding is part of VPN passthrough, but I don't think it's the
> whole issue. I'm a little unsure here without doing some research,
> but I'll give it a try. I believe the other aspect of VPN passthrough
> has to do with NAT. Strictly speaking, protocol layers above the
> Network layer (IP) should not put IP address into their data fields,
> because a NAT router normally translates only the IP addresses found
> in the IP header (all the fields in an IP packet other than your
> data). Some higher layer protocols do embed IP addresses in their
> data; FTP is notorious for this. For any higher layer protocol that
> behaves this way, the router must have knowledge of that protocol so
> that it can FIXUP the addresses embedded in data fields. I believe
> this is the case for L2TP as well.
I did read some articles out on Google about IPsec and L2TP issues with a
NAT router where the VPN end-point was behind the router for Win 2K, XP
and 2K3. In that case, the solution was to map the ports (port forward)
the VPN ports to the IP/machine behind the router.
In the case of the OP who seems to have VPN issues at the machine level,
port forwarding the VPN ports may resolve the issue for a VPN
server/client software setup at the O/S level.
I don't think one needs to enable the pass through protocol on the router
in this situation, since it's the machine that's the end-point. I could
be wrong.
Duane