Solved

how to create vpn between 2 firewalls, when I have in the middle, a Cisco 837 with nat????

Posted on 2009-07-11
5
515 Views
Last Modified: 2012-08-13
Hi there:

I want to create a IPSec VPN between two PIX ver 6.3, but in the middle I have a cisco 831 ADSL router just with 1 Homologated IP.

I had implemented NAT overload on the router.

I think we need to configure NAT-T, but the question here is how can be this configuration implemented???

Please i you can help me.

Regards.
NEW-IPSec-scenario.JPG
0
Comment
Question by:1ktw08
  • 3
5 Comments
 
LVL 6

Expert Comment

by:brasslan
ID: 24830991
That can be done.  When the VPN packets come in and hit the outside of the DSL router, then you need to port forward (or static nat) those packets to the PIX on the inside.  With NAT traversal turned on for the VPN at the endpoints, then it should work.
0
 

Author Comment

by:1ktw08
ID: 24831493
Ok. Now, applying port forwarding on router ADSL, Remote Office can not access Internet (It suppose that I need to access Internet not using Tunnel, but directly from the router.

This scenario can be implemented too???

Where do I need to activate NAT-T, on bot PIX devices, or on the router????
0
 

Expert Comment

by:rayb0nes
ID: 24832979
Hi,

You need to enable NAT traversal on both endpoints as brasslan said: I think the is "isakmp nat-traversal".

Hope this helps
0
 

Accepted Solution

by:
1ktw08 earned 0 total points
ID: 24859541
Sorry, I can not establish yet the connectivity between both PIX with CISCO DSL - NAT router in the middle.

I can see from the Inside, the PIX is trying to connect to the remote PIX (located in the outside: 12.172.141.2). In this case, How the remote PIX needs to be configured in order to reach inside PIX. In specific, the configuration of the Transform-set Peer, which must be the IP address that I need to configure, is the DSL outside IP from the router (201.100.17.38), or the Inside local IP for the PIX located on the inside (10,16,17.146)???

Regards.

I have on the PIX located in the Inside, this configuration:


crypto map koamap 10 set peer 12.172.141.2

isakmp nat-traversal
isakmp enable outside
isakmp key ******* address 12.172.141.2 netmask 255.255.255.255

Regards
0
 

Author Comment

by:1ktw08
ID: 24864149
Any idea about this question???'

Regards
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN doubts 4 79
FreeNAS sever setup so I can securely access my files from anywhere 4 50
Configuring VPN in server 2012 5 21
Use of vpn-filter value  in S2S VPN 2 49
Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question