curwengroup
asked on
Site to Site VPN behind NAT
I need to setup a site to site VPN between two location, one of the locations has my VPN appliance and ASA 5505 NAT-ed behind the ISP router
ISP----NAT-Router-----ASA5 505----LAN
The NAT is a one to many NAT.
The Site to Site VPN will be an IPSEC vpn.
My questions is can i setup the point to point in these conditions? i'm pretty sure i will need to setup some port address translations if it can work, the question is which ports will i need?
Thanks
ISP----NAT-Router-----ASA5
The NAT is a one to many NAT.
The Site to Site VPN will be an IPSEC vpn.
My questions is can i setup the point to point in these conditions? i'm pretty sure i will need to setup some port address translations if it can work, the question is which ports will i need?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
With NAT you need to enable NAT-T (Nat traversal).
Traffic is send over UDP port 500/4500.
IPSec can then travel over NAT...