RE: IPSec NAT-T is not recommended for Windows Server 2003 computers that are behind network address translators

  • From: "Joe Pochedley" <joepochedley@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 14 Oct 2004 10:07:38 -0400

The situation Microsoft described seems so unlikely that it just doesn't
make much sense...
 
Why would the user at Client2 be establishing a NAT-T connection with
Client1?  If the Client2 needed to establish a connection to Client1, it
would make more sense to use the already established IPSec/VPN link to
Server1...  It's quite unusual for clients to be establishing NAT-T
connections between themselves in the first place...
 
I guess, mulling it over, I could think of a 'few' situations where this
might happen (IT consulting guy working from home who has his personal
test server set up for incoming IPSec over his cable modem and needs to
connect out to a client....  Plausible)

Joe Pochedley 
A computer terminal is not some clunky old television 
with a typewriter in front of it. It is an interface 
where the mind and body can connect with the universe 
and move bits of it about. -Douglas Adams 

 

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 14, 2004 9:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IPSec NAT-T is not recommended for Windows Server
2003 computers that are behind network address translators


http://www.ISAserver.org

Hi Jim,
 
Thanks!
;-)
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

  _____  

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, October 14, 2004 8:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IPSec NAT-T is not recommended for Windows Server
2003 computers that are behind network address translators



I think I have some mail to send...

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 10/14/2004 5:28 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] IPSec NAT-T is not recommended for Windows Server
2003 computers that are behind network address translators




Hey guys,

What does the ISA brain trust make of this? Is this an ex post facto
apologia for a bad design decision made with XP SP2, or a valid
rationale for their decision?

IPSec NAT-T is not recommended for Windows Server 2003 computers that
are behind network address translators:
http://support.microsoft.com/default.aspx?scid=kb;en-us;885348

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

