digitexwireless
newbie
Topic Author
Posts: 44
Joined: Thu Mar 01, 2007 5:10 am

IPSec and NAT-T

Thu Nov 12, 2009 12:43 am

I have a customer with a 450 as their "gateway". ether1 has a public IP, and ether2-5 are bridged and have a 192.168.0.254 IP. DHCP is given by a Windows 2000 server.

I am just using the src-nat chain and masquerading and have a few other dst-nat to forward some stuff to other devices on the network.

The customer has a Windows XP PC behind the 450 with a 192.168.0.x IP. They are trying to establish an IPSec VPN to a Cisco VPN 3000 Concentrator with the Cisco VPN Client v 4.6.

I am working with them over the phone and he says from the VPN client the only way to make it work is to use UDP only instead of TCP. From what I gather I need to be using NAT-T to allow it to connect using TCP. I don't need the MikroTik to do anything but allow the VPN to establish, so I don't believe I should have to mess with any of the IPSec settings on the RB, is that correct?

The 450 is running v3.30 and I have the pptp service port enabled and set to 1723. I am just having a hard time finding good examples of how to configure NAT-T.

Thanks for any help
-Matt
 
andrewluck
Forum Veteran
Posts: 700
Joined: Fri May 28, 2004 9:05 pm
Location: Norfolk, UK

Re: IPSec and NAT-T

Sat Nov 14, 2009 10:36 pm

Sounds like someone doesn't have their Concentrator set up correctly. The v4.6 client is also now rather old.

You don't need to set up anything on the MikroTik other than ensuring that you're not blocking the traffic with a filter rule. The VPN is encapsulated in a straightforward TCP / UDP connection from the client.

Kind regards

Andrew
