IPsec VPN Tunnel Configuration

We are trying to get a VPN tunnel configured from a Netgear UTM10 (our side) to a Cisco ASA appliance (their side).
I can get phase one and two up, but the company we are trying to communicate with wants our server IP to be 10.1.0.187 and it's 192.168.1.2.

They will not configure their end to reflect our internal IP settings, and their solution is to NAT interesting traffic.

My question: is there a way to forward traffic being sent from their network to 10.1.0.187 to 192.168.1.2?
I can create static routes, but I don't really know of any NAT or RIP settings on the UTM10.

Thanks
Asked by: bkarper
bkarper (Author) commented:
In the manual it specifically states that it will do static one-to-one mapping, and it does. I could not find any info on exactly how to do it, though.

I created a secondary IP of 10.1.0.187 for the WAN.

I then created rules in the inbound and outbound firewall settings to send any traffic coming from their network address range to 10.1.0.187 to forward to our server 192.168.1.2 and vice versa.

Everything is up and working perfectly.

cmonteith commented:
I've looked through the manual I found on the Netgear, and from what I've seen I don't think it can do the required NAT translation the remote company is requiring of you. This is a pretty common requirement from various enterprise VPN connections.

The way I see it, your options are:

1. Upgrade to a different VPN endpoint that can support specific 1:1 NAT translations (Cisco ASA55xx would be an example, as would certain levels of Sonicwall, Watchguard, or Cisco IOS routers).

2. Renumber your network so that you can adhere to these policies. If this group is a major part of your business, and this is the only tunnel you see needing this requirement, then this may be a good option. If you plan on rolling out remote access VPN, you're well served by getting off the uber-common 192.168.1.x network anyway, as you'll typically run into headaches with your remote users getting access via VPN if their local networks are also 192.168.1.x.

3. Install some other NAT-capable router behind your firewall so that it can perform the needed translation duties, so your VPN endpoint only knows about the 10.1.0.x network.
Question has a verified solution.
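
For option 3 in the thread (a separate NAT-capable router behind the firewall), a Linux box can do the 1:1 mapping. The script below is an added example, not code from the thread or from Netgear: it prints iptables-restore rules that map 10.1.0.187 to 192.168.1.2 only for the peer network passed as an argument. The thread does not give the remote range, so that argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: 1:1 NAT rules for a Linux router.
PRESENTED_IP="10.1.0.187"  # address the remote company expects (from the thread)
REAL_IP="192.168.1.2"      # server's real LAN address (from the thread)

# valid_cidr NET: succeed only for a.b.c.d/len, octets 0-255, len 1-32.
# A /0 is refused because it would translate traffic from any source.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules PEER_NET: print the nat table in iptables-restore format.
# PEER_NET is the remote company's network (assumption: supplied by the caller).
gen_rules() {
    peer=$1
    valid_cidr "$peer" || { echo "invalid peer network: $peer" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Peer -> presented address: rewrite destination to the real server.
-A PREROUTING -s $peer -d $PRESENTED_IP -j DNAT --to-destination $REAL_IP
# Server-initiated traffic to the peer: rewrite source to the presented address.
-A POSTROUTING -s $REAL_IP -d $peer -j SNAT --to-source $PRESENTED_IP
COMMIT
EOF
}

# Print the ruleset when a peer network is given on the command line.
[ $# -eq 0 ] || gen_rules "$1"
```

Because both rules match on the peer network, traffic from any other source addressed to 10.1.0.187 is never translated to the server. The output can be checked with `iptables-restore --test` before it is loaded.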