How crucial is a public IP on WAN port for VPN?

I got asked this question today by somebody. Whilst I've set up numerous Watchguard firewalls in the last few years, nearly all have been on a conventional public lan, a few have been behind a single static ip nat'd from the router and have worked.

I've spent hours/days/weeks trying to overcome incorrectly nat'd packets for VPN connectivity issues before to know that it is just best avoided. I've never tried setting up a Cisco fw other than having a public IP on the wan ports, so what would happen if I tried NAT?

Reply to
Loading thread data ...

I have done it a few times with PIX 6.3 and various IOS routers over DSL lines which use private IP Addressing to the ISP. It works fine - virtually all devices now support Nat Traversal.


Reply to
James Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.