beautypg.com

Appendix j: ipsec nat traversal, Overview, Before you begin – Cisco 4-Port SSL/IPSec VPN Router RVL200 User Manual

Page 95: Configuration of scenario 1, Configuration of router a, Appendix j, Ipsec nat traversal

background image

8

IPSec NAT Traversal

4-Port SSL/IPSec VPN Router

Appendix J

Appendix J:

IPSec NAT Traversal

Overview

Network Address Translation (NAT) traversal is a technique

developed so that data protected by IPSec can pass

through a NAT. (See NAT 1 and NAT 2 in the diagram.)

Since IPSec provides integrity for the entire IP datagram,

any changes to the IP addressing will invalidate the data.

To resolve this issue, NAT traversal appends a new IP and

UDP header to the incoming datagram, ensuring that no

changes are made to the incoming datagram stream.
This chapter discusses two scenarios. In the first scenario,

traffic is sent in one direction, through Router A, NAT 1,

NAT 2, and Router B. In the second scenario, traffic is sent

in the opposite direction, and a one-to-one NAT rule is

required.

Before You Begin

The following is a list of equipment you need:

Two 4-Port SSL/IPSec VPN Routers (model number:

RVL200), one of which is connected to the Internet
Two 10/100 4-Port VPN Routers (model number:

RV042), one of which is connected to the Internet

Configuration of Scenario 1

In this scenario, Router A is the RVL200 Initiator, while

Router B is the RVL200 Responder.

192.168.2.100

192.168.1.101

WAN: 192.168.99.22

Router B - RVL200

Responder

LAN: 192.168.2.0/24

WAN: 192.168.99.11

NAT 2 - RV042

LAN: 192.168.111.1

WAN: 192.168.111.101

NAT 1 - RV042

LAN: 192.168.11.1

WAN: 192.168.11.101

Router A - RVL200 Initiator

LAN: 192.168.1.0/24

Traffic in Scenario 1

NOTE:

Both the IPSec initiator and responder

must support the mechanism for detecting the

NAT router in the path and changing to a new

port, as defined in RFC 3947.

Configuration of Router A

Follow these instructions for Router A.

Launch the web browser for a networked computer,

designated PC 1.
Access the web-based utility of Router A. (Refer to

“Chapter 4: Advanced Configuration” for details.)
Click the IPSec VPN tab.
Click the Gateway to Gateway tab.
Enter a name in the Tunnel Name field.
For the VPN Tunnel setting, select Enable.

1.

2.

3.
4.
5.
6.