Appendix D: IPSec NAT Traversal; Overview; Before You Begin; Configuration of Scenario 1 - Cisco RV042 - Small Business Dual WAN VPN Router User Manual


Appendix D: IPSec NAT Traversal

Overview

Network Address Translation (NAT) traversal is a technique
developed so that data protected by IPSec can pass
through a NAT. (See NAT 1 and NAT 2 in the diagram.)
Since IPSec provides integrity for the entire IP datagram,
any changes to the IP addressing will invalidate the data.
To resolve this issue, NAT traversal appends a new IP and
UDP header to the incoming datagram, ensuring that no
changes are made to the incoming datagram stream.
This chapter discusses two scenarios. In the first scenario,
Router A initiates IKE negotiation, while in the second
scenario, Router B initiates IKE negotiation. In the second
scenario, since the IKE responder is behind a NAT device, a
one-to-one NAT rule is required on the NAT device.

Before You Begin

The following is a list of equipment you need:
• Two 4-Port SSL/IPSec VPN Routers (model number: RVL200), one of which is connected to the Internet
• Two 10/100 4-Port VPN Routers (model number: RV042), one of which is connected to the Internet

Configuration of Scenario 1

In this scenario, Router A is the RVL200 Initiator, while
Router B is the RVL200 Responder.

[Figure: Traffic in Scenario 1. Diagram labels:
NAT 2 - RV042: WAN 192.168.99.11, LAN 192.168.111.1
NAT 1 - RV042: WAN 192.168.111.101, LAN 192.168.11.1
Router A - RVL200 Initiator: WAN 192.168.11.101, LAN 192.168.1.0/24
192.168.1.101 (address on the Router A LAN)]

NOTE: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.
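
The detection step the note refers to can be followed with the Scenario 1 addresses. This is an added example, not code from the manual or from either router: each peer sends NAT-D hashes of the addresses it believes are in use, and the receiver recomputes them from what actually arrived. SHA-1 as the negotiated hash, the cookie values, and the assumption that the NAT routers leave source port 500 unchanged are all constructed for illustration.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NAT_T_PORT = 500, 4500   # RFC 3947: peers move to 4500 once a NAT is found

def nat_d_hash(cky_i, cky_r, ip, port):
    """NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()   # assumption: SHA-1 is the negotiated hash

def build_nat_d(cky_i, cky_r, local, remote):
    """Sender: the first hash covers the remote end, the second the local end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver: recompute the hashes from the addresses seen on the wire.
    A mismatch means an address or port was rewritten on the path."""
    local_nat = payloads[0] != nat_d_hash(cky_i, cky_r, *seen_dst)
    peer_nat = nat_d_hash(cky_i, cky_r, *seen_src) not in payloads[1:]
    return {"local_behind_nat": local_nat, "peer_behind_nat": peer_nat,
            "ike_port": NAT_T_PORT if (local_nat or peer_nat) else IKE_PORT}

def scenario_1():
    """Addresses from the Scenario 1 diagram; cookies and ports are constructed."""
    cky_i, cky_r = bytes.fromhex("0102030405060708"), bytes.fromhex("1112131415161718")
    router_a = ("192.168.11.101", 500)   # Router A WAN (initiator)
    nat2_wan = ("192.168.99.11", 500)    # what Router B sees after NAT 1 and NAT 2
    router_b = ("192.168.99.22", 500)    # Router B WAN (responder)
    # Router A -> Router B: the source address is rewritten on the way.
    at_b = detect_nat(cky_i, cky_r, build_nat_d(cky_i, cky_r, router_a, router_b),
                      seen_src=nat2_wan, seen_dst=router_b)
    # Router B -> Router A: B answers the translated address; the NATs map it back.
    at_a = detect_nat(cky_i, cky_r, build_nat_d(cky_i, cky_r, router_b, nat2_wan),
                      seen_src=router_b, seen_dst=router_a)
    # Control: the same exchange with no NAT in the path stays on port 500.
    direct = detect_nat(cky_i, cky_r, build_nat_d(cky_i, cky_r, router_a, router_b),
                        seen_src=router_a, seen_dst=router_b)
    return at_b, at_a, direct

if __name__ == "__main__":
    for name, result in zip(("Router B", "Router A", "no NAT"), scenario_1()):
        print(name, result)
```

Both routers reach the same conclusion from opposite sides: Router B finds its peer behind a NAT, Router A finds itself behind one, and either finding is enough to move the exchange to UDP port 4500.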

Configuration of Router A

Follow these instructions for Router A.
1. Launch the web browser for a networked computer, designated PC 1.
2. Access the web-based utility of Router A. (Refer to the User Guide of the RVL200 for details.)
3. Click the IPSec VPN tab.
4. Click the Gateway to Gateway tab.
5. Enter a name in the Tunnel Name field.
6. For the VPN Tunnel setting, select Enable.

[Figure: Traffic in Scenario 1, remaining diagram labels:
Router B - RVL200 Responder: WAN 192.168.99.22, LAN 192.168.2.0/24
192.168.2.100 (address on the Router B LAN)]