I'm deploying a project that includes an IPSEC Tunnel between Windows servers, through a NAT Firewall. When both servers were windows 2003, this worked fine. We have had to migrate to Win2k8R2, and now the tunnel is established, but no traffic flows through the tunnel. The tunnel has been tested in both Windows Firewall with Advanced Security, and Legacy "Policy Agent" configuration with the same result. Originally we were Win2k3 to Win2k3 and it worked: |Win2k3 PRIVATEIP|-------|NATFW|-----------|Win2K3 PUBLICIP| Then we had to switch one server to Win2k8R2: |Win2k3 PRIVATEIP|-------|NATFW|-----------|Win2K8R2 PUBLICIP| NATFW is mapping the yellow server to a blue IP address. It is a 1:1 mapping, NAT not PAT! Our tunnel establishes, but no traffic will flow. In our testing, we have the following results: Yellow......Blue........Subnets...........Outcome ================================================= 2k8R2.......2k8R2.......same..............OK 2k3..........2k8R2.......same..............OK 2k3..........2k3..........same..............OK 2k8R2.......2k8R2.......routed,no.NAT....OK 2k3..........2k8R2.......routed,no.NAT.....OK 2k3..........2k3..........routed,no.NAT.....OK 2k8R2.......2k8R2.......routed,NAT........Fail.(quick/main.mode.established,.no.traffic) 2k3..........2k8R2.......routed,NAT........Fail.(quick/main.mode.established,.no.traffic) 2k3..........2k3..........routed,NAT........OK any thoughts.

Twistedpear, Your question falls into the paid support category which requires a more in-depth level of support. Please visit the below link to see the various paid support options that are available to better meet your needs. http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Clark Satter Microsoft Online Community Support