Solved

IpSec VPN Tunnel Configuration

Posted on 2010-08-30
2
879 Views
Last Modified: 2012-05-10
We are trying to get a VPN Tunnel configured from a Netgear UTM10 (our side) to a Cisco ASA appliance (there side).
I can get phase one and two up but the company we are trying to communicate with wants our server IP to be 10.1.0.187 and its 192.168.1.2

They will not configure there end to reflect our internal IP settings and there solution is to NAT interesting traffic.

My question, is there a way to forward traffic being sent from there network to 10.1.0.187 to 192.168.1.2?
I can create static routes, but I dont really know of any NAT or Rip settings on the UTM10.

Thanks
0
Comment
Question by:bkarper
2 Comments
 
LVL 2

Expert Comment

by:cmonteith
ID: 33562725
I've looked through the manual I found on the neatgear, and from what I've seen I don't think it can do the require NAT translation the remote company is requiring of you.  This is a pretty common requirement from various enterprise VPN connections.

The way I see it, your options are:

1. Upgrade to a different VPN endpoint that can support specific 1:1 nat translations (Cisco ASA55xx would be an example, as would certain levels of Sonicwall, Watchguard, or Cisco IOS routers)

2. Renumber your network so that you can adhere to these policies.  If this group is a major part of your business, and this is the only tunnel you see needing this requirement then this may be a good option.  If you plan on rolling out remote access VPN you're well servced by getting off the uber-common 192.168.1.x network anyway, as you'll typically run into headaches with your remote users getting access via VPN if their local networks are also 192.168.1.x.

3. Install some other NAT capable router behind your firewall so that it can perform the needed translation duties so your VPN endpoint only knows about the 10.1.0.x network.
0
 

Accepted Solution

by:
bkarper earned 0 total points
ID: 33587411
In the manual it specifically states that it will do static one to one mapping, and it does. I could not find any info on exactly how to do it though.

I created a secondary IP of 10.1.0.187 for the Wan

I then created rules in the inbound and outbound firewall settings to send any traffic coming from their network address rang to 10.1.0.187 to forward to our server 192.168.1.2 and vise versa.

Everything is up and working perfectly.

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Printer locally over VPN 2 75
RDP through VPN setup 9 58
ASA configuration 2 30
ASA 5505 not passing traffic to Netgear router 22 32
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question