Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Applies To: Windows 7, Windows Server 2008 R2
A common deployment option is to use network address translation (NAT) on one or both sides of a connection that links offices in different geographical locations. RRAS provides two types of virtual private network (VPN) site-to-site connections. The following table describes the circumstances in which you can use a NAT in conjunction with a VPN connection.
| Type of VPN Site-to-Site Connection | Can You Use NAT? | Description |
|---|---|---|
PPTP VPN |
Yes |
In most cases, you can locate Point-to-Point Tunneling Protocol (PPTP)–based calling routers behind a NAT-enabled router (or configure one computer as both the calling router and the NAT-enabled router) in order to allow computers with private addresses in a small office or home office network to share a single connection to the Internet. With a VPN connection, the site-to-site connection from the small office to the main office is tunneled through the Internet. NAT in RRAS includes a NAT editor that can accurately translate PPTP-tunneled data. |
L2TP/IPsec VPN |
Yes, but only if you use the IPsec NAT-T feature |
You can use the Internet Protocol security (IPsec) feature called NAT Traversal (NAT-T) to create Layer Two Tunneling Protocol (L2TP)/IPsec connections across NATs. Using NAT-T requires running Windows Server 2008 or Windows Server 2008 R2 on both the calling and answering routers, or a third-party router that supports NAT-T. With NAT-T, computers with private addresses behind a NAT can use IPsec to connect to a remote site if these computers have the NAT-T update installed (for computers running Windows XP with Service Pack 1 or later versions of Windows). No NAT editor exists for L2TP/IPsec, so the only way to use NAT is by implementing IPsec NAT-T. |
SSTP |
Yes |
Secure Socket Tunneling Protocol (SSTP)-based VPN clients and VPN servers can be located behind a NAT-enabled router. |
IKEv2 |
Yes |
Internet Key Exchange version 2 (IKEv2)-based VPN clients and VPN servers can be located behind a NAT-enabled router. |