• Advertisement

VPN through PAT and NAT

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.

Re:VPN through PAT and NAT

Postby Guest » Wed Dec 15, 2010 12:52 am


VPN tunnel will not work in your scenario. Second nat change address and ports that you wanted to use for vpn tunnel. So the port 500 wil be translated for higher port and will be rejected in HQ.

Guest
 

Advertisement

Re:VPN through PAT and NAT

Postby Guest » Wed Dec 15, 2010 1:04 am


thanks for pointing it out.

i was wondering if the ipsec termination point is the pat router or the nat firewall.

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Wed Dec 15, 2010 1:14 am


What if the client would be a PIX, and I would set up port forwarding on the PAT-router (port UDP 500 and UDP 4500 to PIX)?

PIX --> PAT-router --> NAT-firewall --> Internet --> CVPN3005

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Wed Dec 15, 2010 2:17 am


hi sebastiaan,

please advise what sort of ipsec we are discussing here, and where is the vpn termination point.

Guest
 

Re:VPN through PAT and NAT

Postby Guest » Wed Dec 15, 2010 3:26 am


The VPN-tunnel I want to use is IPSec with NAT-T (have to, because of at least 1 NAT-device) from a PIX to a CIsco VPN Concentrator.

I think, though, that I've already gotten my answer in that it won't work.

Because of the PAT _and_ NAT, the port-translations and info that reaches the CVPN will all be screwed up.

Doing port-forwarding on the PAT-router is not going to be the best solution.

I've just had a talk with a technician of the networkoperator, and he confirmed that it will not work. They can do something to eliminate 1 of the NAT/PAT-devices, so I think that's the way to go.

Guest
 

PreviousNext


  • Advertisement

Return to Virtual Private Networks

Who is online

Users browsing this forum: No registered users and 1 guest