Solved

IpSec VPN Tunnel Configuration

Posted on 2010-08-30
Last Modified: 2012-05-10
We are trying to get a VPN Tunnel configured from a Netgear UTM10 (our side) to a Cisco ASA appliance (their side).
I can get phase one and two up, but the company we are trying to communicate with wants our server IP to be 10.1.0.187 and it's 192.168.1.2.

They will not configure their end to reflect our internal IP settings and their solution is to NAT interesting traffic.

My question: is there a way to forward traffic being sent from their network to 10.1.0.187 to 192.168.1.2?
I can create static routes, but I don't really know of any NAT or RIP settings on the UTM10.

Thanks
Question by:bkarper
2 Comments

Expert Comment

by:cmonteith
ID: 33562725
I've looked through the manual I found on the Netgear, and from what I've seen I don't think it can do the required NAT translation the remote company is requiring of you. This is a pretty common requirement from various enterprise VPN connections.

The way I see it, your options are:

1. Upgrade to a different VPN endpoint that can support specific 1:1 NAT translations (Cisco ASA55xx would be an example, as would certain levels of Sonicwall, Watchguard, or Cisco IOS routers).

2. Renumber your network so that you can adhere to these policies. If this group is a major part of your business, and this is the only tunnel you see needing this requirement, then this may be a good option. If you plan on rolling out remote access VPN you're well served by getting off the uber-common 192.168.1.x network anyway, as you'll typically run into headaches with your remote users getting access via VPN if their local networks are also 192.168.1.x.

3. Install some other NAT capable router behind your firewall so that it can perform the needed translation duties so your VPN endpoint only knows about the 10.1.0.x network.

Accepted Solution

by:bkarper
ID: 33587411
In the manual it specifically states that it will do static one to one mapping, and it does. I could not find any info on exactly how to do it though.

I created a secondary IP of 10.1.0.187 for the WAN.

I then created rules in the inbound and outbound firewall settings to send any traffic coming from their network address range to 10.1.0.187 to forward to our server 192.168.1.2 and vice versa.

Everything is up and working perfectly.
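
The static one-to-one mapping discussed in this thread (the remote side addresses the server as 10.1.0.187, it really sits at 192.168.1.2), written for a Linux NAT router of the kind option 3 describes. This is an added example, not part of the original posts and not UTM10 configuration; `PEER_NET` is a constructed placeholder for the remote company's range, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. 10.1.0.187 and 192.168.1.2 are the
# addresses in the question; PEER_NET is a constructed placeholder for the
# remote company's range, which the thread never states.
MAPPED_IP="10.1.0.187"      # address the remote side expects the server on
REAL_IP="192.168.1.2"       # the server's real LAN address
PEER_NET="172.16.50.0/24"   # constructed placeholder

# True if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

# True if $1 is address/prefix with prefix 1-32. /0 is refused because it
# would expose the mapped address to every source, not only the peer.
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ]
}

# Print (do not run) the iptables commands for the static mapping.
# Line 1: peer -> mapped address is rewritten to the real server (DNAT).
# Line 2: connections the server opens toward the peer leave as the mapped
#         address (SNAT); replies to DNATed flows are reversed by conntrack.
# Lines 3-4: FORWARD sees the post-DNAT / pre-SNAT packet, so it matches the
#         real address and admits only the peer's range in either direction.
nat_rules() {
    mapped=$1; real=$2; peer=$3
    is_ipv4 "$mapped" && is_ipv4 "$real" || { echo "bad host address" >&2; return 1; }
    is_cidr "$peer" || { echo "peer must be a.b.c.d/1-32" >&2; return 1; }
    cat <<EOF
iptables -t nat -A PREROUTING -s $peer -d $mapped -j DNAT --to-destination $real
iptables -t nat -A POSTROUTING -s $real -d $peer -j SNAT --to-source $mapped
iptables -A FORWARD -s $peer -d $real -j ACCEPT
iptables -A FORWARD -s $real -d $peer -j ACCEPT
EOF
}

nat_rules "$MAPPED_IP" "$REAL_IP" "$PEER_NET"
```

The script only prints the commands; review them, then pipe the output to `sh` as root on the NAT router to apply them.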
