locked
MOC2007 Sign In Issues behind double NAT RRS feed

  • Question

  • After trouble shooting a user who was having problems signing in from home (over the internet to the Access Edge) I have found the following

    If the client is hidden behind two NAT devices (at the user's end) MOC2007 does not connect. (Even though telnet on 5061 does connect)

    (I have also tested MOC 2005 to LCS access proxy with the same results)

     

    Has anyone else experienced the same problem?

    Also it would appear that some hotels offering internet access may also double NAT. Again have other people experienced similar problems?

     

    Thanks for any input.

    Regards

    Alistair

     

    Tuesday, December 11, 2007 3:48 PM

Answers

  • To verify, I've connected to Access Edge servesr behind double, and even triple NAT chains before without issues (e.g. Running OC on a VM NAT'd inside the physical host which is NAT'd behind a physical firewall).

     

    You might want to look for an updated firmware for that Netgear device.

     

    Wednesday, January 9, 2008 7:06 PM
    Moderator

All replies

  • The issue would appear to be related to Netgear ProSafe FVG318 (and potentially some other Netgear firewalls)

     

    Anyalysis by microsoft

    "Client’ SSL Hello is not reaching Access Edge Server. This can be caused by NAT device. With the Network traces I clearly see the Client is sending SSL Hello Request (Presents its certificate) and which I do not see coming to Server end. Finally because if this we see connection finally RESETS from Server."

     

    I have further tested and double NAT though Checkpoint & ISA works.

    However

    Client => Netgear ProSafe FVG318 => OCS Server. Not work.

     

    If you have had similar problems please let me know.

     

    Wednesday, January 9, 2008 12:35 PM
  • To verify, I've connected to Access Edge servesr behind double, and even triple NAT chains before without issues (e.g. Running OC on a VM NAT'd inside the physical host which is NAT'd behind a physical firewall).

     

    You might want to look for an updated firmware for that Netgear device.

     

    Wednesday, January 9, 2008 7:06 PM
    Moderator
  • A firmware upgrade of the Netgear did indeed fix the issue.

    Firmware upgrade to 2.1.2-40 (for FVG318v1) Nov27/2007 from 1.0.49 Oct 03/2007 resolved the issue.

     

    I will add any further feedback from Netgear.

     

    I have had a report from another user that they have the same problem with a slightly different model of netgear. Again I will add any further feedback.

     

    Monday, January 14, 2008 10:57 AM
  • I have the exact same problem, althought the server side is NOT NAT. Only the client side is.

    Hvae you found a solution?

     

    Thanks
    Friday, April 11, 2008 9:21 AM
  • The only solution in my case was to upgrade the firmware on the client firewall.

    There is nothing else that could be done as the traffic was just not getting through it. (I checked on the access edge which showed no traffic reaching it)

     

     

    Saturday, April 12, 2008 1:52 AM