VPN through PAT and NAT


VPN through PAT and NAT

Post by Guest » Tue Dec 14, 2010 8:06 pm


We've got a location where we want to set up a VPN-tunnel to our HQ. At that location, there's a router which does PAT (NAT overload), and then, some hops further, there's a firewall which does NAT. Could this pose a problem to the VPN-tunnel? Here's a 'diagram' of what the connection looks like.

Client --> PAT-router --> NAT firewall --> Internet --> CVPN3005

Hopefully you can provide me with an answer.

Guest

Re:VPN through PAT and NAT

Post by Guest » Tue Dec 14, 2010 8:37 pm


I don't think there would be an issue. One thing that should be noted is that when a host from the CVPN site needs access to the remote site, then a static NAT needs to be configured on the router.

Guest

Re:VPN through PAT and NAT

Post by Guest » Tue Dec 14, 2010 9:05 pm


OK, that's a plus. If I'm not mistaken, the tunnel uses UDP-port 500 and UDP-port 4500 if I'm using NAT-T (which I must because of the NAT at the firewall). Could there be more ports needed because of the PAT and NAT?

Guest

Re:VPN through PAT and NAT

Post by Guest » Tue Dec 14, 2010 10:03 pm


udp 500 = isakmp
udp 4500 = non-isakmp
ip 50 = esp

Guest

Re:VPN through PAT and NAT

Post by Guest » Tue Dec 14, 2010 11:43 pm


Is that correct? When using NAT-T, as far as I know, ESP is encapsulated in the traffic on UDP-port 4500? ESP or AH cannot be NATted, as far as I know...
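An added example, not part of any post in this thread: a small Python classifier for the framing RFC 3948 defines on UDP 4500, useful when checking a capture taken behind the PAT router or the NAT firewall to see what actually crosses them. The sample datagrams, the translated source port 31044 and the SPI value are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: four zero bytes precede IKE on UDP 4500
IKE_HDR_LEN = 28               # fixed ISAKMP/IKE header size

def _ike(data: bytes, floated: bool) -> dict:
    """Read the exchange type from a fixed IKE header (offset 18)."""
    if len(data) < IKE_HDR_LEN:
        return {"kind": "malformed"}
    return {"kind": "ike", "floated": floated, "exchange_type": data[18]}

def classify(sport: int, dport: int, payload: bytes) -> dict:
    """Classify one UDP datagram by its IPsec NAT-T framing.

    Either port may be 4500: PAT rewrites the client's source port,
    so only the concentrator side is guaranteed to keep it.
    """
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}       # keeps the NAT mapping alive
        if payload[:4] == NON_ESP_MARKER:
            return _ike(payload[4:], floated=True)  # IKE moved from 500 to 4500
        if len(payload) >= 8:
            spi, seq = struct.unpack("!II", payload[:8])
            return {"kind": "esp-in-udp", "spi": spi, "seq": seq}
        return {"kind": "malformed"}
    if IKE_PORT in (sport, dport):
        return _ike(payload, floated=False)         # initial IKE, no marker
    return {"kind": "other"}

def sample_ike_header(exchange_type: int = 2) -> bytes:
    """Constructed 28-byte IKEv1 header (exchange type 2 = main mode)."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                       1, 0x10, exchange_type, 0, 0, IKE_HDR_LEN)

if __name__ == "__main__":
    ike = sample_ike_header()
    samples = [                                     # constructed datagrams
        (500, 500, ike),
        (31044, 4500, NON_ESP_MARKER + ike),        # source port rewritten by PAT
        (31044, 4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16),
        (4500, 31044, b"\xff"),
    ]
    for sport, dport, payload in samples:
        print(sport, dport, classify(sport, dport, payload))
```

In a capture from a working NAT-T tunnel, the `esp-in-udp` entries carry the tunnel data, so no separate IP protocol 50 packets should appear on the NATted segment.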
