Solved

IpSec VPN Tunnel Configuration

Posted on 2010-08-30
Last Modified: 2012-05-10
We are trying to get a VPN tunnel configured from a Netgear UTM10 (our side) to a Cisco ASA appliance (their side).
I can get phase one and two up, but the company we are trying to communicate with wants our server IP to be 10.1.0.187 and it's 192.168.1.2.

They will not configure their end to reflect our internal IP settings, and their solution is to NAT interesting traffic.

My question: is there a way to forward traffic being sent from their network to 10.1.0.187 to 192.168.1.2?
I can create static routes, but I don't really know of any NAT or RIP settings on the UTM10.

Thanks
Question by:bkarper
2 Comments
Expert Comment

by:cmonteith
ID: 33562725
I've looked through the manual I found on the Netgear, and from what I've seen I don't think it can do the required NAT translation the remote company is requiring of you.  This is a pretty common requirement from various enterprise VPN connections.

The way I see it, your options are:

1. Upgrade to a different VPN endpoint that can support specific 1:1 NAT translations (Cisco ASA55xx would be an example, as would certain levels of Sonicwall, Watchguard, or Cisco IOS routers).

2. Renumber your network so that you can adhere to these policies.  If this group is a major part of your business, and this is the only tunnel you see needing this requirement, then this may be a good option.  If you plan on rolling out remote access VPN you're well served by getting off the uber-common 192.168.1.x network anyway, as you'll typically run into headaches with your remote users getting access via VPN if their local networks are also 192.168.1.x.

3. Install some other NAT-capable router behind your firewall so that it can perform the needed translation duties so your VPN endpoint only knows about the 10.1.0.x network.

Accepted Solution

by:
bkarper earned 0 total points
ID: 33587411
In the manual it specifically states that it will do static one to one mapping, and it does. I could not find any info on exactly how to do it though.

I created a secondary IP of 10.1.0.187 for the WAN.

I then created rules in the inbound and outbound firewall settings to send any traffic coming from their network address range to 10.1.0.187 to forward to our server 192.168.1.2 and vice versa.

Everything is up and working perfectly.
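
The same one-to-one mapping expressed as iptables rules for a Linux router doing the NAT (option 3 in the first reply); this is an added example, not part of the thread and not Netgear UTM10 configuration. The peer network 172.16.50.0/24 and the function names are assumptions, since the thread does not give the remote company's address range.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the thread's 1:1 mapping.
MAPPED_IP="10.1.0.187"   # address the remote company expects (from the thread)
REAL_IP="192.168.1.2"    # server's actual LAN address (from the thread)

# Accept only an IPv4 network in CIDR form, each octet 0-255, prefix 0-32.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset for one peer network; exit status 2 on malformed input.
nat_rules() {
    peer_net=$1
    if ! valid_cidr "$peer_net"; then
        echo "invalid peer network: $peer_net" >&2
        return 2
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Inbound: peer traffic addressed to the mapped IP is delivered to the real server.
-A PREROUTING -s $peer_net -d $MAPPED_IP -j DNAT --to-destination $REAL_IP
# Outbound: the server's traffic to the peer leaves with the mapped IP as its source.
-A POSTROUTING -s $REAL_IP -d $peer_net -j SNAT --to-source $MAPPED_IP
COMMIT
*filter
:FORWARD DROP [0:0]
# Default-drop forwarding: only the peer network and the server may use the mapping.
-A FORWARD -s $peer_net -d $REAL_IP -j ACCEPT
-A FORWARD -s $REAL_IP -d $peer_net -j ACCEPT
COMMIT
EOF
}

# 172.16.50.0/24 is a constructed placeholder for the remote company's network.
nat_rules "${1:-172.16.50.0/24}"
```

Review the output before loading it with `iptables-restore`, which replaces the existing nat and filter tables unless `--noflush` is given. Scoping both NAT rules to the peer network keeps 10.1.0.187 from being translated for any other source.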
