I am trying to set up an L2TP/IPsec VPN server with a preshared key behind a firewall/router. The VPN server is running Windows Server 2008 R2. Microsoft recommends allowing the VPN server access to a public IP, but this is impractical in my situation. I'm able to establish a VPN connection from inside my house network, but when trying to access it from an external IP, I get errors (Error 789).
My router/firewall allows IPsec passthrough. What ports do I need to forward to the VPN appliance? I believe UDP 500 and UDP 4500 are all that are necessary. Normally, only UDP 500 is required, but since I'm NATing to the VPN appliance, it'll be doing NAT-T, and I believe I need to open UDP 4500. Additionally, Microsoft recommends that I do a registry change as outlined here: http://support.microsoft.com/kb/926179
Again, I am able to access my VPN appliance from within my network (on the same subnet). I can't access it from an outside IP, which leads me to believe I don't have the ports forwarding properly, and possibly that I'm having an issue with NAT Traversal. I will do the registry setting as soon as I get home. Are ports UDP 500 and UDP 4500 the only ones that I need to forward to my VPN appliance? There was some mention of UDP 1701, but I don't think this is necessary...