RV042 to RV042 VPN with a NAT firewall on one side.
Posted on 2014-04-24
Somewhere in the dim past I did this and it worked, but it appears I've lost the formula.
There was a paper about connecting RV042s site to site. It said that you can have ONE NATting router in front but not one at each end. And I got that system working.
I need to do the same thing again and can't find those instructions.
I've done everything that seems to make sense but the VPN won't connect.
In this case I have this arrangement:
RV042#1..VPN w/public address (dyndns supported) <> cable modem <> internet
internet <> RV042#2 "firewall" w/public address <> interim private subnet <> RV042#3..VPN with private addresses.
So, RV042#1 and RV042#3 are the VPN terminating devices.
And, RV042#2 is an intervening firewall (only) with IPSEC passthrough at one end in front of the VPN terminator.
I'm getting logs that say:
"We require peer to have ID "[public ip at RV042#2], but peer declares "[private IP at RV042#3]
Obviously, I think, the #1 device has to point to the public address of the #2 device because I don't see any other way to get there from here.
I have to believe that the problem is right there but I can't figure out how to fix it.
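The ID mismatch in the log message quoted above can be classified mechanically. The following is an added example, not part of the original post: it parses lines with that wording and flags the case where the expected ID is a public address but the peer declares an RFC 1918 address, which is what a VPN endpoint sitting behind a NAT device produces when it identifies itself by its own interface address. The log prefix, the sample addresses (documentation and private ranges) and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly (ipaddress.is_private also covers
# documentation ranges, which are used as stand-in "public" addresses here).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Follows the wording of the message quoted in the post; quotes are optional.
ID_MISMATCH = re.compile(
    r"require peer to have ID\s*['\"]?(?P<expected>[^'\",\s]+)['\"]?\s*,"
    r"\s*but peer declares\s*['\"]?(?P<declared>[^'\"\s]+)['\"]?",
    re.IGNORECASE,
)

def is_rfc1918(value):
    """True if value is an IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # not an IP literal, e.g. an FQDN-type ID
    return any(addr in net for net in RFC1918)

def classify(line):
    """Return expected/declared IDs and a verdict, or None if no mismatch."""
    m = ID_MISMATCH.search(line)
    if not m:
        return None
    expected, declared = m.group("expected"), m.group("declared")
    if is_rfc1918(declared) and not is_rfc1918(expected):
        verdict = "peer-behind-nat"   # peer identifies by its pre-NAT address
    else:
        verdict = "id-mismatch"       # IDs differ for some other reason
    return {"expected": expected, "declared": declared, "verdict": verdict}

# Constructed sample lines (not real router output).
SAMPLE_LOG = [
    'VPN Log: We require peer to have ID "203.0.113.10", but peer declares "192.168.5.2"',
    'VPN Log: We require peer to have ID "203.0.113.10", but peer declares "site-b.example"',
    'VPN Log: Received informational payload, type NO_PROPOSAL_CHOSEN',
]

def verdicts(lines):
    """Verdict for every line that contains an ID mismatch."""
    return [r["verdict"] for r in map(classify, lines) if r]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
```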