Mac OS X Server v10.5, 10.6: VPN - Some Windows clients may not be able to connect using L2TP (IPSec)
Some Microsoft Windows clients may not be able to connect to the Mac OS X Server VPN service if the Mac OS X Server is behind a NAT (Network Address Translation) router or firewall.
This article applies to Windows XP (SP2), Vista, and Windows 7 clients.
You may need to modify settings on the Windows clients to allow access to the Mac OS X Server VPN service using L2TP (IPSec). By default, the Windows client may not be configured to allow NAT traversal. This is necessary to allow a connection to the Mac OS X Server VPN service when the server itself is behind a NAT router or firewall.
Please see the following Microsoft support articles:
- The default behavior of IPsec NAT traversal (NAT-T) is changed in Windows XP Service Pack 2
- Registry entries that are useful in network address translation traversal (NAT-T) security associations in Windows Vista
- How to configure an L2TP/IPsec server behind a NAT-T device in Windows Vista and in Windows Server 2008