Solved

how to create vpn between 2 firewalls, when I have in the middle, a Cisco 837 with nat????

Posted on 2009-07-11
5
491 Views
Last Modified: 2012-08-13
Hi there:

I want to create a IPSec VPN between two PIX ver 6.3, but in the middle I have a cisco 831 ADSL router just with 1 Homologated IP.

I had implemented NAT overload on the router.

I think we need to configure NAT-T, but the question here is how can be this configuration implemented???

Please i you can help me.

Regards.
NEW-IPSec-scenario.JPG
0
Comment
Question by:1ktw08
  • 3
5 Comments
 
LVL 6

Expert Comment

by:brasslan
ID: 24830991
That can be done.  When the VPN packets come in and hit the outside of the DSL router, then you need to port forward (or static nat) those packets to the PIX on the inside.  With NAT traversal turned on for the VPN at the endpoints, then it should work.
0
 

Author Comment

by:1ktw08
ID: 24831493
Ok. Now, applying port forwarding on router ADSL, Remote Office can not access Internet (It suppose that I need to access Internet not using Tunnel, but directly from the router.

This scenario can be implemented too???

Where do I need to activate NAT-T, on bot PIX devices, or on the router????
0
 

Expert Comment

by:rayb0nes
ID: 24832979
Hi,

You need to enable NAT traversal on both endpoints as brasslan said: I think the is "isakmp nat-traversal".

Hope this helps
0
 

Accepted Solution

by:
1ktw08 earned 0 total points
ID: 24859541
Sorry, I can not establish yet the connectivity between both PIX with CISCO DSL - NAT router in the middle.

I can see from the Inside, the PIX is trying to connect to the remote PIX (located in the outside: 12.172.141.2). In this case, How the remote PIX needs to be configured in order to reach inside PIX. In specific, the configuration of the Transform-set Peer, which must be the IP address that I need to configure, is the DSL outside IP from the router (201.100.17.38), or the Inside local IP for the PIX located on the inside (10,16,17.146)???

Regards.

I have on the PIX located in the Inside, this configuration:


crypto map koamap 10 set peer 12.172.141.2

isakmp nat-traversal
isakmp enable outside
isakmp key ******* address 12.172.141.2 netmask 255.255.255.255

Regards
0
 

Author Comment

by:1ktw08
ID: 24864149
Any idea about this question???'

Regards
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now