Solved

IpSec VPN Tunnel Configuration

Posted on 2010-08-30
Last Modified: 2012-05-10
We are trying to get a VPN tunnel configured from a Netgear UTM10 (our side) to a Cisco ASA appliance (their side).
I can get phase one and two up, but the company we are trying to communicate with wants our server IP to be 10.1.0.187 and it's 192.168.1.2.

They will not configure their end to reflect our internal IP settings, and their solution is to NAT interesting traffic.

My question: is there a way to forward traffic being sent from their network to 10.1.0.187 to 192.168.1.2?
I can create static routes, but I don't really know of any NAT or RIP settings on the UTM10.

Thanks
Question by:bkarper
2 Comments
 

Expert Comment

by:cmonteith
ID: 33562725
I've looked through the manual I found on the Netgear, and from what I've seen I don't think it can do the NAT translation the remote company is requiring of you.  This is a pretty common requirement from various enterprise VPN connections.

The way I see it, your options are:

1. Upgrade to a different VPN endpoint that can support specific 1:1 NAT translations (Cisco ASA55xx would be an example, as would certain levels of Sonicwall, Watchguard, or Cisco IOS routers).

2. Renumber your network so that you can adhere to these policies.  If this group is a major part of your business, and this is the only tunnel you see needing this requirement, then this may be a good option.  If you plan on rolling out remote access VPN, you're well served by getting off the uber-common 192.168.1.x network anyway, as you'll typically run into headaches with your remote users getting access via VPN if their local networks are also 192.168.1.x.

3. Install some other NAT capable router behind your firewall so that it can perform the needed translation duties so your VPN endpoint only knows about the 10.1.0.x network.
 

Accepted Solution

by:bkarper
ID: 33587411
In the manual it specifically states that it will do static one to one mapping, and it does. I could not find any info on exactly how to do it though.

I created a secondary IP of 10.1.0.187 for the WAN.

I then created rules in the inbound and outbound firewall settings to send any traffic coming from their network address range to 10.1.0.187 to forward to our server 192.168.1.2 and vice versa.

Everything is up and working perfectly.
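
The static one-to-one mapping described in this answer, modelled in Python as an added example (not part of the original thread and not UTM10 configuration). The remote network range is never given in the thread, so `PEER_NET` is a constructed placeholder; the `Packet` type and function names are hypothetical.

```python
"""Model of the static 1:1 NAT from the accepted solution (added example)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

# Addresses taken from the thread.
MAPPED_IP = ip_address("10.1.0.187")   # address the remote company expects
REAL_IP = ip_address("192.168.1.2")    # the server's actual LAN address
# Assumption: the thread never states the remote range; constructed placeholder.
PEER_NET = ip_network("172.16.50.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def inbound(pkt: Packet) -> Optional[Packet]:
    """Tunnel -> LAN: rewrite the destination, only for the peer's range."""
    if ip_address(pkt.dst) != MAPPED_IP:
        return pkt                      # not addressed to the mapped IP: rule does not apply
    if ip_address(pkt.src) not in PEER_NET:
        return None                     # mapped IP is for the peer only: drop
    return replace(pkt, dst=str(REAL_IP))


def outbound(pkt: Packet) -> Packet:
    """LAN -> tunnel: rewrite the source so the peer sees 10.1.0.187."""
    if ip_address(pkt.src) == REAL_IP and ip_address(pkt.dst) in PEER_NET:
        return replace(pkt, src=str(MAPPED_IP))
    return pkt                          # other hosts and destinations keep their addresses


if __name__ == "__main__":
    request = Packet("172.16.50.10", "10.1.0.187")     # constructed peer host
    delivered = inbound(request)
    reply = outbound(Packet(delivered.dst, request.src))
    print(request, "->", delivered)
    print("reply leaves as", reply)
    print("non-peer source:", inbound(Packet("203.0.113.9", "10.1.0.187")))
```

Scoping both rules to the peer's range keeps the mapped address from becoming a general forward to the server, and leaves the server's other outbound traffic untranslated.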


Question has a verified solution.
