Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

how to create vpn between 2 firewalls, when I have in the middle, a Cisco 837 with nat????

Posted on 2009-07-11
5
Medium Priority
?
534 Views
Last Modified: 2012-08-13
Hi there:

I want to create a IPSec VPN between two PIX ver 6.3, but in the middle I have a cisco 831 ADSL router just with 1 Homologated IP.

I had implemented NAT overload on the router.

I think we need to configure NAT-T, but the question here is how can be this configuration implemented???

Please i you can help me.

Regards.
NEW-IPSec-scenario.JPG
0
Comment
Question by:1ktw08
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 6

Expert Comment

by:brasslan
ID: 24830991
That can be done.  When the VPN packets come in and hit the outside of the DSL router, then you need to port forward (or static nat) those packets to the PIX on the inside.  With NAT traversal turned on for the VPN at the endpoints, then it should work.
0
 

Author Comment

by:1ktw08
ID: 24831493
Ok. Now, applying port forwarding on router ADSL, Remote Office can not access Internet (It suppose that I need to access Internet not using Tunnel, but directly from the router.

This scenario can be implemented too???

Where do I need to activate NAT-T, on bot PIX devices, or on the router????
0
 

Expert Comment

by:rayb0nes
ID: 24832979
Hi,

You need to enable NAT traversal on both endpoints as brasslan said: I think the is "isakmp nat-traversal".

Hope this helps
0
 

Accepted Solution

by:
1ktw08 earned 0 total points
ID: 24859541
Sorry, I can not establish yet the connectivity between both PIX with CISCO DSL - NAT router in the middle.

I can see from the Inside, the PIX is trying to connect to the remote PIX (located in the outside: 12.172.141.2). In this case, How the remote PIX needs to be configured in order to reach inside PIX. In specific, the configuration of the Transform-set Peer, which must be the IP address that I need to configure, is the DSL outside IP from the router (201.100.17.38), or the Inside local IP for the PIX located on the inside (10,16,17.146)???

Regards.

I have on the PIX located in the Inside, this configuration:


crypto map koamap 10 set peer 12.172.141.2

isakmp nat-traversal
isakmp enable outside
isakmp key ******* address 12.172.141.2 netmask 255.255.255.255

Regards
0
 

Author Comment

by:1ktw08
ID: 24864149
Any idea about this question???'

Regards
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question