Cisco Systems RVL200 manual One-to-One NAT Rule on NAT 2 RV042, One-to-One NAT Rule on NAT 1 RV042

Page 97

Appendix J

IPSec NAT Traversal

Configuration of Scenario 2

In this scenario, Router B is the RVL200 Initiator, while Router A is the RVL200 Responder. Router B will have the Remote Security Gateway IP address set to a public IP address that is associated with the WAN IP address of Router A, which is behind the NAT. Hence the public IP address (192.168.99.1) must be mapped to the WAN IP address (192.168.11.101, a private IP address) of Router A through the two one-to-one NAT rules:

•192.168.99.1 => 192.168.111.11 (on NAT 2)

•192.168.111.11 => 192.168.11.101 (on NAT 1)

WAN: 192.168.99.11	WAN: 192.168.99.22
NAT 2 - RV042	Router B - RVL200
LAN: 192.168.111.1	Initiator
	LAN: 192.168.2.0/24

WAN: 192.168.111.101

NAT 1 - RV042

LAN: 192.168.11.1

192.168.2.100

WAN: 192.168.11.101

Router A - RVL200 Responder

LAN: 192.168.1.0/24

192.168.1.101

Traffic in Scenario 2

NOTE: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.

Configuration of the One-to-One NAT Rules

The one-to-one NAT rules must be configured on NAT 2 - RV042 and NAT 1 - RVO42.

One-to-One NAT Rule on NAT 2 - RV042

192.168.99.1 => 192.168.111.11

Refer to the documentation of the 10/100 4-Port VPN Router (model number: RV042) for more details about one-to-one NAT rules.

One-to-One NAT Rule on NAT 1 - RV042

192.168.111.11 => 192.168.11.101

Configuration of Router B

Set the Remote Security Gateway to IP address: 192.168.99.1, which is the one-to-one NAT IP address used by NAT 2 - RV042.

Follow these instructions for Router B.

1.Launch the web browser for a networked computer, designated PC 2.

2.Access the web-based utility of the Router B. (Refer to “Chapter 4: Advanced Configuration” for details.)

3.Click the IPSec VPN tab.

4.Click the Gateway to Gateway tab.

5.Enter a name in the Tunnel Name field.

6.For the VPN Tunnel setting, select Enable.

7.TheWAN IP address of the Router B will be automatically detected.

For the Local Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields.

8.For the Remote Security Gateway Type, select IP address. Enter 192.168.99.1 in the IP Address field.

Router B’s IPSec VPN Settings

4-Port SSL/IPSec VPN Router

89

Image 97

Contents Port SSL/IPSec VPN Router About This Guide About This GuideTable of Contents Ddns IPSec VPN Gateway to Gateway Appendix D Active Directory Server Appendix C Bandwidth ManagementAppendix E User for the Active Directory Server Appendix J IPSec NAT Traversal Appendix I Gateway-to-Gateway VPN TunnelAppendix L Multiple VLANs with Computers Appendix P Battery Replacement Appendix O Firmware UpgradeAppendix Q Specifications Appendix M Multiple VLANs and SubnetsChapter Introduction ChapterIntroduction Introduction to the RouterComputer using SSL VPN client software to VPN Router Product Overview Chapter Product OverviewFront Panel Back PanelInstallation Chapter InstallationPhysical Installation Cable Connection Advanced Configuration Chapter Advanced ConfigurationOverview Before You BeginClick Security Select Use SSL 2.0 and Use SSL How to Access the Web-Based UtilitySystem Information System SummaryFirewall Setting Status Network Setting StatusIPSec VPN Setting Status SSL VPN Setting StatusLAN Setting Setup Tab NetworkNetwork WAN Connection TypePPPoE Point-to-Point Protocol over Ethernet Static IPPptp Point-to-Point Tunneling Protocol Setup PasswordSetup DMZ Host Setup TimePassword TimeForwarding Setup Tab ForwardingPort Range Forwarding Port TriggeringUPnP Setup UPnPSetup MAC Clone Setup One-to-One NATOne-to-One NAT Setup Advanced Routing Setup DdnsMAC Clone Advanced RoutingStatic Routing Dhcp SetupDynamic IP SetupStatic IP Status Dhcp StatusDhcp Multiple VLANs Multiple VLANsDiagnostic System Management DiagnosticDhcp Inter-VLAN Routing Inter-VLAN RoutingFirmware Upgrade Factory DefaultSystem Management Restart Firmware DownloadExport Configuration File Import Configuration FileSystem Management Port Mirroring RestartBasic Per Port Config Port Management Port SetupPort Management Port Status Port StatusPort Setting Port Management Port SettingPort Management Create Vlan Create VlanVlan Membership QoS Bandwidth ManagementBandwidth Management Priority Rate ControlQoS Setup QoS QoS SetupQoS Mode Trust Mode Default CoSQoS Dscp Settings QoS Queue SettingsQueue Settings CoS SettingsFirewall General Dscp SettingsGeneral Dscp to QueueAccess Rules Firewall Access RulesRestrict WEB Features Services Add a New Access RuleContent Filter Firewall Content FilterScheduling IP/MAC GroupForbidden Domains IPSec VPN SummaryWebsite Blocking by Keywords IP AddressIPSec VPN Gateway to Gateway Local Group SetupSummary Add a New TunnelLocal Security Group Type Remote Group SetupRemote Security Gateway Type Remote Security Group Type IKE with Preshared Key IPSec SetupAdvanced SSL VPN Summary IPSec VPN VPN Pass ThroughSSL VPN Certificate Management VPN Pass ThroughSSL VPN User Management Authentication TypeUser Management Edit GroupEdit User SSL VPN Virtual PassageVirtual Passage Snmp Global ParametersGlobal Parameters Snmp Group Profile Snmp ViewsViews Group ProfileSnmp Communities Snmp Group MembershipGroup Membership CommunitiesNotification Recipient Snmp Notification RecipientSystem Log Log System LogLog System Statistics Log SettingAlert Log General LogWizard Basic SetupPPPoE Obtain an IP automaticallyAccess Rule Setup Select the Service Logout SupportManual Linksys Web SiteLogout Troubleshooting Appendix a TroubleshootingAppendix a Appendix B Virtual Passage SSL VPN Client Appendix BBefore You Begin Windows OS Click Trusted sites Make the SSL VPN Portal a Trusted Site Windows OSLogin for the SSL VPN Portal Windows OS Installation of the Virtual Passage Client Windows OSClick Continue Anyway When you right-click the icon, you have three optionsLogin for the SSL VPN Portal Mac OS Installation of the Virtual Passage Client Mac OSWindows Vista Usage Click Continue Removal of the Virtual Passage Client Mac OSLogin for the SSL VPN Portal Linux OS Installation of the Virtual Passage Client Linux OSBefore You Begin Linux OS Removal of the Virtual Passage Client Linux OS Appendix C Creation of New ServicesAppendix C Bandwidth Management Bandwidth ManagementCreation of New Bandwidth Management Rules Click Save SettingsAppendix D Active Directory Server Appendix DActive Directory Server Select Domain in a new forest, and then click Next Enter a domain name, and then click Next Active Directory Server Troubleshooting Appendix E User for the Active Directory Server Appendix EUser for the Active Directory Server Appendix F Appendix F Internet Authentication Service IAS ServerInternet Authentication Service IAS Server Select Unencrypted authentication. Click Apply Click Finish Welcome to the New Connection Request Policy Wizard Click Edit Profile Click the User Management tab Appendix GAppendix H Select HTTPSTCP/443~443 from the Service drop- down menuAppendix H Deployment in an Existing Network LAN-to-LAN ConnectionWAN-to-LAN Connection Appendix Configuration of the RVL200Appendix Gateway-to-Gateway VPN Tunnel Click the Gateway to Gateway tabConfiguration of PC 1 and PC Configuration of the RV082RV082 RVL200 Dynamic IP B.B.B.B with Configuration when Both Gateways Use Dynamic IP Addresses Appendix Configuration of Router a Configuration of ScenarioAppendix J Appendix J IPSec NAT TraversalIPSec NAT Traversal Configuration of Router BOne-to-One NAT Rule on NAT 1 RV042 One-to-One NAT Rule on NAT 2 RV042Configuration of Router a RVL200-to-RV042 Configuration Configuration of MultipleAppendix K Appendix KClick Save Setting RV042 #1 ConfigurationClick the Advanced Routing tab RV042 #2 Configuration Appendix L RVL200-to-SRW2048 ConfigurationAppendix L Multiple VLANs with Computers Click the Port Management tabSelect Enable Vlan SRW2048 ConfigurationClick Save Settings Click the Vlan Membership tab Appendix M RVL200 ConfigurationAppendix M Multiple VLANsClick the Inter-VLAN Routing tab Inter-VLAN Routing OptionAppendix N Access of Multiple VLANsAppendix N Over a SSL VPN TunnelFirmware Upgrade Appendix O Firmware UpgradeAppendix O Click the Firmware Upgrade tab Upgrade the FirmwareBattery Replacement Appendix P Battery ReplacementReplace the Lithium Battery Appendix PSpecifications Appendix Q SpecificationsAppendix Q Limited Warranty Warranty InformationAppendix R Regulatory Information Appendix SDansk Danish Miljøinformation for kunder i EU Port SSL/IPSec VPN Router 106 Norsk Norwegian Miljøinformasjon for kunder i EU Port SSL/IPSec VPN Router 108 Contact Information Appendix T