NAT traversal support with transport mode of L2TP over IPsec

Description

NAT traversal support with transport mode of L2TP over IPsec

Resolution

When using a Microsoft VPN client to connect to the SonicWall's L2TP server, the L2TP-over-IPsec protocols are implemented in transport mode rather than tunnel mode. In SonicOS Standard, transport mode does not support NAT traversal. At this time (version 3.1), SonicOS Standard does not support the connection of L2TP clients to the SonicWall from behind NAT devices.

The transport mode implementation in SonicOS Enhanced does support NAT traversal. Consider upgrading to SonicOS Enhanced 3.2 or higher to resolve this issue and allow VPN clients behind NAT devices to connect to the SonicWall's L2TP server. Review Chapter 47 of the SonicOS Enhanced 3.2 Administrator's Guide for additional information on configuring the SonicWall's L2TP server.

Note: The requirements for the Windows XP L2TP client to work with a SonicWall L2TP server across an intervening NAT device are as follows:

  • Windows XP Service Pack 2
  • SonicOS Enhanced firmware version 3.1.0.6 or higher


See the Microsoft TechNet article "Using IPsec for Network Protection" for additional background information.

 
