Cisco Systems IPSec VPN through NAT

Subject Author Date
IPSec VPN through NAT Jaime 01-24-06
Posted by Jaime on January 24, 2006, 4:19 pm
Hi all,

I need a solution to create a VPN between 70 remote sites and a central
site, all equipped with Cisco IOS routers.
On the way from the remote sites to the central site, a NAT changes the
remote sites' IP addresses to a unique IP.
As far as I know, the NAT then makes it impossible to use PSKEY to match the key
with the remote IP address, as all remote sites are seen as the same IP
address from the central site.

Can any solution be implemented for this?

Thanks and regards



Posted by stl-eng on January 25, 2006, 12:41 pm
If you know what the particular remote is being NATed to, then your
host key can be to that NATed device. For instance, say the remote is a
DSL with 1-to-1 translation: your remote Cisco is 192.168.1.10, but when
it moves through the DSL router, i.e. a Netopia, the Netopia translates it
to 65.5.5.5. You need what is called NAT-T enabled on your routers; this
is done by having recent code on them. It was introduced on 12.2(13T).
You also may wish to add NAT keepalive so your translation doesn't time out
in the NAT device and you lose your tunnel. If the device in the middle
is running PAT and not NAT, then you have bigger problems with ESP.
Possible solutions are running EzVPN client server. Honestly, best
practice: don't deploy your VPN tunnels behind NATed devices, ever.
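
Added example (not part of either post, and not Cisco code): a Python classifier for the UDP port 4500 payloads that NAT-T produces, following RFC 3948. It is useful when checking a capture for the NAT keepalives and UDP-encapsulated ESP that the reply above refers to. The function names and sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

NATT_PORT = 4500          # UDP port used once NAT-T is negotiated (RFC 3948)
ISAKMP_HDR_LEN = 28       # cookies (8+8), next payload, version, exchange, flags, msg id, length

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one port-4500 datagram."""
    # NAT keepalive: a single 0xFF byte, sent only to keep the NAT mapping alive.
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    (first_word,) = struct.unpack("!I", payload[:4])
    if first_word == 0:
        # Non-ESP marker (four zero bytes): an IKE message follows.
        ike = payload[4:]
        if len(ike) < ISAKMP_HDR_LEN:
            return {"kind": "malformed"}
        icky, rcky, _np, version, exch, _flags, msg_id, length = struct.unpack(
            "!8s8sBBBBII", ike[:ISAKMP_HDR_LEN])
        return {"kind": "ike", "initiator_cookie": icky.hex(),
                "version": version, "exchange_type": exch, "length": length}
    # Anything else is ESP-in-UDP: non-zero SPI followed by the sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}

def summarize(payloads) -> Counter:
    """Count payload kinds; a flow with keepalives but no ESP suggests a dead tunnel."""
    return Counter(classify_natt_payload(p)["kind"] for p in payloads)

# Constructed sample datagrams (not taken from a real capture).
SAMPLE_IKE = b"\x00" * 4 + struct.pack(
    "!8s8sBBBBII", bytes.fromhex("1122334455667788"), b"\x00" * 8,
    1, 0x10, 2, 0, 0, ISAKMP_HDR_LEN)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16
SAMPLES = [SAMPLE_IKE, SAMPLE_ESP, b"\xff", b"\xff", b"\x01\x02"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify_natt_payload(p))
    print(dict(summarize(SAMPLES)))
```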

