VPN through PAT and NAT

Postby Guest » Tue Dec 14, 2010 8:06 pm


We've got a location where we want to set up a VPN-tunnel to our HQ.

At that location, there's a router which does PAT (NAT overload), and then, some hops further, there's a firewall which does NAT.

Could this pose a problem to the VPN-tunnel?

Here's a 'diagram' of what the connection looks like.

Client -->PAT-router-->NAT firewall-->Internet-->CVPN3005

Hopefully you can provide me with an answer.

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Tue Dec 14, 2010 8:37 pm


I don't think there would be an issue.

One thing that should be noted is that when a host from the CVPN site needs access to the remote site, then a static NAT needs to be configured on the router.

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Tue Dec 14, 2010 9:05 pm


OK, that's a plus.

If I'm not mistaken, the tunnel uses UDP-port 500 and UDP-port 4500 if I'm using NAT-T (which I must because of the NAT at the firewall).

Could there be more ports needed because of the PAT and NAT?

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Tue Dec 14, 2010 10:03 pm


udp 500 = isakmp

udp 4500 = non-isakmp

ip 50 = esp

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Tue Dec 14, 2010 11:43 pm


Is that correct? When using NAT-T as far as I know ESP is encapsulated in the traffic on UDP-port 4500?

ESP or AH cannot be NATted, as far as I know...

Guest
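
The framing raised in the last posts, as an added example that is not part of the original thread: under NAT-T (RFC 3948) IKE and ESP share UDP port 4500, and the receiver tells them apart by the four zero bytes (non-ESP marker) that precede IKE messages. The sample payloads and the function names are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # RFC 3948: four zero bytes precede IKE on UDP 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # SPIi, SPIr, next payload, version, exchange, flags, msg id, length

def classify_udp4500(payload: bytes) -> dict:
    """Classify the UDP payload of a port-4500 datagram as a NAT-T receiver does."""
    if payload == b"\xff":
        # A single 0xFF octet is a NAT keepalive; it keeps the NAT/PAT mapping open.
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        if len(payload) < 4 + IKE_HDR.size:
            return {"kind": "malformed"}
        _, _, _, version, exchange, _, msg_id, length = IKE_HDR.unpack_from(payload, 4)
        return {"kind": "ike", "major_version": version >> 4,
                "exchange_type": exchange, "message_id": msg_id, "length": length}
    # Anything else is UDP-encapsulated ESP; an ESP SPI is never zero,
    # so it cannot be confused with the non-ESP marker.
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp", "spi": spi, "seq": seq}

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "ike": NON_ESP_MARKER + IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8, 5, 0x10, 2, 0x01, 0, 28),
    "esp": struct.pack("!II", 0x12345678, 7) + b"\xaa" * 32,
    "keepalive": b"\xff",
    "short": b"\x00\x00\x00",
}

def classify_samples() -> dict:
    """Return the detected kind for every constructed sample."""
    return {name: classify_udp4500(data)["kind"] for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_udp4500(data))
```

Because ESP rides inside the UDP 4500 datagrams here, the PAT router and the NAT firewall only see UDP flows with ports they can translate.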
 
