VPN through PAT and NAT

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
Guest

Re:VPN through PAT and NAT

Post by Guest » Wed Dec 15, 2010 12:52 am


The VPN tunnel will not work in your scenario. The second NAT changes the address and ports that you wanted to use for the VPN tunnel. So port 500 will be translated to a higher port and will be rejected at HQ.

Guest

Re:VPN through PAT and NAT

Post by Guest » Wed Dec 15, 2010 1:04 am


Thanks for pointing it out. I was wondering if the IPsec termination point is the PAT router or the NAT firewall.

Guest

Re:VPN through PAT and NAT

Post by Guest » Wed Dec 15, 2010 1:14 am


What if the client would be a PIX, and I would set up port forwarding on the PAT-router (port UDP 500 and UDP 4500 to PIX)?

PIX --> PAT-router --> NAT-firewall --> Internet --> CVPN3005

Guest

Re:VPN through PAT and NAT

Post by Guest » Wed Dec 15, 2010 2:17 am


Hi Sebastiaan, please advise what sort of IPsec we are discussing here, and where the VPN termination point is.

Guest

Re:VPN through PAT and NAT

Post by Guest » Wed Dec 15, 2010 3:26 am


The VPN-tunnel I want to use is IPSec with NAT-T (have to, because of at least 1 NAT-device) from a PIX to a Cisco VPN Concentrator. I think, though, that I've already gotten my answer in that it won't work. Because of the PAT _and_ NAT, the port-translations and info that reaches the CVPN will all be screwed up. Doing port-forwarding on the PAT-router is not going to be the best solution. I've just had a talk with a technician of the network operator, and he confirmed that it will not work. They can do something to eliminate 1 of the NAT/PAT-devices, so I think that's the way to go.
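
Added example, not part of any post in this thread: a Python sketch of what the head end sees after the PIX's IKE packet crosses the PAT router and then the NAT firewall, and of the NAT-D hash comparison that NAT-T (RFC 3947) uses to notice the rewrite. All addresses, ports and cookies are constructed; it assumes the PAT router rewrites address and port while the NAT firewall rewrites only the address, and it models only the source-side NAT-D payload.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_fn=hashlib.sha1):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = (cky_i + cky_r
            + ipaddress.ip_address(ip).packed   # 4 bytes for IPv4
            + struct.pack("!H", port))          # port in network byte order
    return hash_fn(data).digest()

def translate(src, new_ip, new_port=None):
    """One source-translation hop. PAT passes new_port; 1:1 NAT leaves it None."""
    _, port = src
    return (new_ip, port if new_port is None else new_port)

def responder_sees_nat(cky_i, cky_r, claimed_src, observed_src):
    """True when the hash the initiator computed over its own endpoint differs
    from the hash of the source endpoint observed on the wire."""
    sent = nat_d_hash(cky_i, cky_r, *claimed_src)
    seen = nat_d_hash(cky_i, cky_r, *observed_src)
    return sent != seen

# Constructed sample values (not taken from the thread).
CKY_I = bytes.fromhex("0102030405060708")   # initiator cookie
CKY_R = bytes.fromhex("1112131415161718")   # responder cookie
PIX = ("192.168.1.2", 500)                  # PIX sends IKE from UDP 500

def demo():
    after_pat = translate(PIX, "10.0.0.2", 1024)        # PAT router: IP + port
    after_nat = translate(after_pat, "203.0.113.10")    # NAT firewall: IP only
    return {
        "observed_at_hq": after_nat,
        "nat_detected": responder_sees_nat(CKY_I, CKY_R, PIX, after_nat),
        "direct_path_detected": responder_sees_nat(CKY_I, CKY_R, PIX, PIX),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
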
