Hi I'm seeing a issue when enabling ICS and what NIC's it enables Forwarding on and by Forwarding I mean the one listed here for the NIC. netsh interface ipv4 show interface l=verbose When ICS is enabled in windows 7 both the WAN NIC and LAN NIC have this Forwarding enabled and at first there is no issue it all works. However there is a issue when the PC doing ICS does a VPN causing may packets to be sent counting down for TTL with received time exceeded ICMP. This should not happen but for me it does and why has win 7 enabled Forwarding for both NIC's for ICS? The workaround is to disable Forwarding for only the WAN NIC like this which for me is Local Area Connection 2 for the WAN NIC with Local Area Connection being the LAN NIC. netsh interface ipv4 set interface "Local Area Connection 2" forwarding=disable Thanks for any replies

1. What is the target configuration? 2. In my understanding ICS is one to many NAT 3. I would use separate VPN devices. Rgds Milos

1. Like to have my WAN IP on PC and NAT for other devices. 2. What other NAT? 3. Does not really apply to me.... My problem is when I enable ICS it enables Forwarding on both NIC's as show here: netsh interface ipv4 show interface l=verbose This causes a problem yet it all seems to work yet for VPN connections being make sends many packets out the same packet over and over again with a TTL going down to the point I receive time exceeded ICMP and the whole time its doing this the VPN works but it shouldnt send the same packet over and over again. When I disable the Forwarding for the WAN NIC it works as it should and so does ICS but I should not have to disable the Forwarding myself with the following on the WAN NIC that ICS is enabled on with the LAN NIC having forwarding enabled. netsh interface ipv4 set interface "Local Area Connection 2" forwarding=disable I don't know if this it a bug in win 7 for ICS or just me this happens too?

One to many NAT is terminus technicus.

One to many NAT is terminus technicus. I'm not sure I follow? Their is no router NAT in front of the connection it can only get a WAN IP. So is it normal for ICS to enable forwarding on both NIC?

Google it. By default, NAT (and ICS is just a cut-down version of NAT) is a one to many translation process. I would never even consider setting up a VPN on a machine running ICS. Bill

Google it. By default, NAT (and ICS is just a cut-down version of NAT) is a one to many translation process. I would never even consider setting up a VPN on a machine running ICS. Bill

I'm not setting up a VPN I'm connecting to a VPN like superfreevpn.com and when I do ALL HELL BREAKS loose and it only works correctly if I do this. netsh interface ipv4 set interface "Local Area Connection 2" forwarding=disable When I do that it all works fine and now on every reboot the dam forwarding setting gets re-enabled. Please is it normal for ICS to enable forwarding on both NIC?

If you do not understand the previous posts, the answer is yes. And I was aware that you were using the ICS machine as a VPN client, not a VPN server. It is still a bad idea. Bill

If you do not understand the previous posts, the answer is yes. And I was aware that you were using the ICS machine as a VPN client, not a VPN server. It is still a bad idea. Bill Clearly I didnt because I think I would of understand so thanks. What I have worked out is going to be hard to explain in a way that yes thats what it seems but there is more to it then that and could be a security issue due to ICS enabling forwarding for the internet NIC. But first what would your own conclusion be that with forwarding manually disabled for the internet NIC only for ICS when the following works with it disabled? given that: VPN connects from the ICS work fine even protocol 50. Computers connecting to ICS have internet and they too can connect to VPN's Port mapping in ICS works Given that everything works why would MS enable forwarding on the internet NIC for ICS when it does nothing and works with is disabled? Thanks