Configuration of scenario 2, Configuration of the one-to-one nat rules, Configuration of router b – Cisco 4-Port SSL/IPSec VPN Router RVL200 User Manual

Page 97: Appendix J, IPSec NAT Traversal


IPSec NAT Traversal

4-Port SSL/IPSec VPN Router

Appendix J

Configuration of the One-to-One NAT Rules

The one-to-one NAT rules must be configured on NAT 2 - RV042 and NAT 1 - RV042.

One-to-One NAT Rule on NAT 2 - RV042

192.168.99.1 => 192.168.111.11

One-to-One NAT Rule on NAT 1 - RV042

192.168.111.11 => 192.168.11.101

Refer to the documentation of the 10/100 4-Port VPN Router (model number: RV042) for more details about one-to-one NAT rules.

Configuration of Router B

Set the Remote Security Gateway to IP address: 192.168.99.1, which is the one-to-one NAT IP address used by NAT 2 - RV042.

Follow these instructions for Router B.

1. Launch the web browser for a networked computer, designated PC 2.
2. Access the web-based utility of Router B. (Refer to “Chapter 4: Advanced Configuration” for details.)
3. Click the IPSec VPN tab.
4. Click the Gateway to Gateway tab.
5. Enter a name in the Tunnel Name field.
6. For the VPN Tunnel setting, select Enable.
7. The WAN IP address of Router B will be automatically detected. For the Local Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields.
8. For the Remote Security Gateway Type, select IP address. Enter 192.168.99.1 in the IP Address field.

Router B’s IPSec VPN Settings

Configuration of Scenario 2

In this scenario, Router B is the RVL200 Initiator, while Router A is the RVL200 Responder. Router B will have the Remote Security Gateway IP address set to a public IP address that is associated with the WAN IP address of Router A, which is behind the NAT. Hence the public IP address (192.168.99.1) must be mapped to the WAN IP address (192.168.11.101, a private IP address) of Router A through the two one-to-one NAT rules:

192.168.99.1 => 192.168.111.11 (on NAT 2)
192.168.111.11 => 192.168.11.101 (on NAT 1)

Traffic in Scenario 2 (figure; device labels from the diagram):

Router B - RVL200 Initiator: WAN 192.168.99.22, LAN 192.168.2.0/24 (host 192.168.2.100)
NAT 2 - RV042: WAN 192.168.99.11, LAN 192.168.111.1
NAT 1 - RV042: WAN 192.168.111.101, LAN 192.168.11.1
Router A - RVL200 Responder: WAN 192.168.11.101, LAN 192.168.1.0/24 (host 192.168.1.101)

NOTE: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.
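The detection this NOTE refers to, worked through with the Scenario 2 addresses as an added example (not taken from the Cisco manual or the router firmware): the initiator sends RFC 3947 NAT-D hashes of the addresses it used, and the responder recomputes them from the packet it actually received. The cookies are constructed, SHA-1 is assumed as the negotiated hash, and the NAT hops are assumed to rewrite only the destination address; all function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

# One-to-one NAT rules from this page (external address -> internal address).
NAT2_RULES = {"192.168.99.1": "192.168.111.11"}
NAT1_RULES = {"192.168.111.11": "192.168.11.101"}
# Constructed cookies; real ones come from the ISAKMP header.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")

def translate_dst(ip, *hops):
    """Rewrite a destination address through each one-to-one NAT hop in order."""
    for rules in hops:
        ip = rules.get(ip, ip)
    return ip

def nat_d(cky_i, cky_r, ip, port):
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port)."""
    blob = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(blob).digest()  # assumption: SHA-1 is the negotiated hash

def detect_nat(cky_i, cky_r, sent, arrived, port=500):
    """Model the responder checking the initiator's two NAT-D payloads."""
    sent_src, sent_dst = sent          # addresses the initiator put in the packet
    arrived_src, arrived_dst = arrived  # addresses the responder sees on receipt
    # Initiator: first payload covers the remote end, second its own end.
    remote_hash = nat_d(cky_i, cky_r, sent_dst, port)
    local_hash = nat_d(cky_i, cky_r, sent_src, port)
    # Responder: a mismatch means that end's address was rewritten in the path.
    responder_behind_nat = nat_d(cky_i, cky_r, arrived_dst, port) != remote_hash
    initiator_behind_nat = nat_d(cky_i, cky_r, arrived_src, port) != local_hash
    found = responder_behind_nat or initiator_behind_nat
    return {
        "responder_behind_nat": responder_behind_nat,
        "initiator_behind_nat": initiator_behind_nat,
        "ike_port": 4500 if found else 500,  # RFC 3947 change to the new port
    }

if __name__ == "__main__":
    router_b_wan, gateway = "192.168.99.22", "192.168.99.1"
    router_a_sees = translate_dst(gateway, NAT2_RULES, NAT1_RULES)
    print("Router A receives the packet on", router_a_sees)
    print(detect_nat(CKY_I, CKY_R, (router_b_wan, gateway),
                     (router_b_wan, router_a_sees)))
```

Passing the rules to `translate_dst` in the wrong order stops the chain at 192.168.111.11, which is what a tunnel pointed at a half-configured mapping would hit.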
