Cisco Systems RV042RF One-to-One NAT Rule on NAT 2 RV042, One-to-One NAT Rule on NAT 1 RV042

Appendix D

IPSec NAT Traversal

Configuration of Scenario 2

In this scenario, Router B is the RVL200 Initiator, while Router A is the RVL200 Responder. Router B will have the Remote Security Gateway IP address set to a public IP address that is associated with the WAN IP address of Router A, which is behind the NAT. Hence the public IP address (192.168.99.1) must be mapped to the WAN IP address (192.168.11.101, a private IP address) of Router A through the two one-to-one NAT rules:

• 192.168.99.1 => 192.168.111.11 (on NAT 2)

• 192.168.111.11 => 192.168.11.101 (on NAT 1)

[Figure: Traffic in Scenario 2]

• Router B - RVL200 (Initiator): WAN 192.168.99.22, LAN 192.168.2.0/24 (192.168.2.100)

• NAT 2 - RV042: WAN 192.168.99.11, LAN 192.168.111.1

• NAT 1 - RV042: WAN 192.168.111.101, LAN 192.168.11.1

• Router A - RVL200 (Responder): WAN 192.168.11.101, LAN 192.168.1.0/24 (192.168.1.101)

NOTE: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.
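The following is an added example, not part of the Linksys guide: it traces an IKE packet from Router B through the two one-to-one NAT rules listed above and applies the RFC 3947 NAT-D comparison to show why Router A concludes it is behind a NAT. The cookies, the choice of SHA-1 as the negotiated hash, the function names, and the assumption that only the destination address is rewritten in this direction are illustrative.

```python
import hashlib
import ipaddress

# One-to-one NAT rules from this page, written as
# (address matched on the WAN side, address it is rewritten to, range length).
NAT2_RULES = [("192.168.99.1", "192.168.111.11", 1)]
NAT1_RULES = [("192.168.111.11", "192.168.11.101", 1)]

def translate_dst(dst, rules):
    """Rewrite an inbound destination address if it falls inside a rule's range."""
    addr = int(ipaddress.IPv4Address(dst))
    for outside, inside, length in rules:
        base = int(ipaddress.IPv4Address(outside))
        if base <= addr < base + length:
            mapped = int(ipaddress.IPv4Address(inside)) + (addr - base)
            return str(ipaddress.IPv4Address(mapped))
    return dst  # no rule matched: the address passes through unchanged

def nat_d(cky_i, cky_r, ip, port):
    """RFC 3947 NAT-D payload: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.IPv4Address(ip).packed + port.to_bytes(2, "big")
    return hashlib.sha1(data).digest()  # assumption: SHA-1 is the negotiated hash

def scenario2():
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))  # constructed cookies
    src, dst, port = "192.168.99.22", "192.168.99.1", 500  # Router B -> public address
    # The initiator sends NAT-D for the remote end first, then for its own end.
    natd_remote = nat_d(cky_i, cky_r, dst, port)
    natd_local = nat_d(cky_i, cky_r, src, port)
    # The packet crosses NAT 2, then NAT 1; each rewrites the destination
    # (assumption: the source address is left untouched in this direction).
    hop1 = translate_dst(dst, NAT2_RULES)
    hop2 = translate_dst(hop1, NAT1_RULES)
    # The responder recomputes both hashes from the packet it actually received.
    responder_behind_nat = natd_remote != nat_d(cky_i, cky_r, hop2, port)
    initiator_behind_nat = natd_local != nat_d(cky_i, cky_r, src, port)
    return {
        "path": [dst, hop1, hop2],
        "responder_behind_nat": responder_behind_nat,
        "initiator_behind_nat": initiator_behind_nat,
        # On detection, both peers move IKE from UDP 500 to UDP 4500.
        "ike_port": 4500 if responder_behind_nat or initiator_behind_nat else 500,
    }

if __name__ == "__main__":
    print(scenario2())
```

If either RVL200 lacked RFC 3947 support, the hash mismatch would go unnoticed and the tunnel would not move to UDP 4500, which is why the note requires support on both ends.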

Configuration of the One-to-One NAT Rules

The one-to-one NAT rules must be configured on NAT 2 - RV042 and NAT 1 - RV042.

One-to-One NAT Rule on NAT 2 - RV042

192.168.99.1 => 192.168.111.11

Follow these instructions for the one-to-one NAT rule on NAT 2 - RV042.

1. Launch the web browser for a networked computer.

2. Access the web-based utility of NAT 2 - RV042. (Refer to “Chapter 4: Advanced Configuration” for details.)

3. Click the Setup tab.

4. Click the One-to-One NAT tab.

5. For the One-to-One NAT setting, select Enable.

Setup > One-to-One NAT

6. In the Private Range Begin field, enter 99.1.

7. In the Public Range Begin field, enter 111.11.

8. In the Range Length field, enter an appropriate value. The range length cannot exceed the number of valid IP addresses. To map a single address, enter 1.

9. Click Add to List.

10. Click Save Settings.

Refer to “Chapter 4: Advanced Configuration” for more details about one-to-one NAT rules.

One-to-One NAT Rule on NAT 1 - RV042

192.168.111.11 => 192.168.11.101

Follow these instructions for the one-to-one NAT rule on NAT 1 - RV042.

1. Launch the web browser for a networked computer.

2. Access the web-based utility of NAT 1 - RV042. (Refer to “Chapter 4: Advanced Configuration” for details.)

3. Click the Setup tab.

10/100 4-Port VPN Router
