IPSec NAT Traversal, Overview | Cisco Systems RV016, RV042G specs

E

IPSec NAT Traversal

Overview

Network Address Translation (NAT) traversal is a technique developed so that data protected by IPSec can pass through a NAT. Since IPSec provides integrity for the entire IP datagram, any changes to the IP addressing will invalidate the data. To resolve this issue, NAT traversal appends a new IP and UDP header to the incoming datagram, ensuring that no changes are made to the incoming datagram stream.

In the following scenario, Router A initiates IKE negotiation, while Router B is the responder.

	RV042		RV016				WAN: 192.168.99.22
	WAN: 192.168.99.11						WAN: 192.168.99.22
	NAT 2						Router B - Responder
	LAN: 192.168.111.1						LAN: 192.168.2.0/24
	RV042
WAN: 192.168.111.101
WAN: 192.168.111.101
NAT 1
NAT 1
LAN: 192.168.11.1


	RV016






	WAN: 192.168.11.101		192.168.2.100
	Router A - Initiator
	LAN: 192.168.1.0/24

192.168.1.101

199787

Cisco Small Business RV0xx Series Routers Administration Guide

183

Image 183

Cisco Systems RV016, RV042G manual IPSec NAT Traversal, Overview

Contents

Administration Guide Cisco Systems, Inc. All rights reserved 78-19576-01 B0 Introduction Viewing System Summary Information SetupOther Hardware Features Placement Tips Firewall DhcpSystem Management Port Management Logging System Statistics 153 VPN 122 Appendix F Bandwidth Management 186 Appendix G Specifications 189Appendix H Where to Go From Here 199 Appendix E IPSec NAT Traversal 183 RV042 and RV042G RV082 RV016 RV0xx Series Router FeaturesModel Ports RV082 Ports and Status Lights IntroductionRV042 and RV042G Ports RV042 and RV042G Status Lights Port Description Ports Light Description Status Lights Feature Description Other Hardware Features Parameter Default Value Default SettingsPlacement Tips Desktop Placement RV042 and RV042G 58 mm apart RV082 and RV016 94 mm apart Wall Mounting Rack Mounting RV082 or RV016 RV016 Internet 1 Port Connecting the EquipmentRV042 and RV042G Internet Port RV082 Internet Port Getting Started with the Configuration Troubleshooting Tips Navigation Features of the User Interface Help Setup WizardsSaving the Settings Pop-Up Windows Viewing System Summary Information System Information Cisco ProtectLink WebViewing System Summary Information Configuration Port StatisticsPort Information Window Viewing System Summary Information WAN information WAN Status DMZ information Firewall Setting StatusVPN Setting Status Log Setting Status Setup Setting Up the Network SetupHost Name and Domain Name IP Mode LAN Setting device IP address and subnetsChanging the device IP address Enabling multiple subnets IPv4 only Setup WAN Setting Internet connection DMZ Setting Setup Editing a WAN Connection Page Page Page IPv4 IPv6 Editing a DMZ ConnectionPage Changing the Administrator Username and Password Setup To open this page Click Setup Time in the navigation tree Setting the System Time Setting Up a DMZ Host Setting Up Port Forwarding and Port Triggering Port Range ForwardingPort Range Forwarding, Port Triggering, Setup Adding a service Port Triggering To open this page Click Setup UPnP in the navigation tree Setting Up Universal Plug and Play UPnP Setup Adding a service Setting Up One-to-One NAT Setup Cloning a MAC Address for the Router Editing the MAC Address Clone Settings Assigning a Dynamic DNS Host Name to a WAN Interface Editing the Dynamic DNS Setup Configuring Dynamic Routing, Configuring Static Routing, Setting Up Advanced Routing Configuring Dynamic Routing Dynamic Routing for IPv4Data None, RIPv1, RIPv2 Broadcast, or RIPv2 Multicast Configuring Static Routing Dynamic Routing for IPv6Prefix Length Pv6 only Enter the prefix length Setting Up Advanced Routing IPv6 Transition To Go From Here Dhcp Setting Up the Dhcp Server or Dhcp Relay Dhcp Dynamic IP used for Dhcp Server only DNS used for Dhcp Server onlyWins used for Dhcp Server, IPv4 Only Assigning static IP addresses by adding devices from a list About Static IP Addresses for IPv4 Only Assigning static IP addresses by entering devices manually Using the Static IP List to Block Devices DNS Local Database Viewing the Dhcp Status Information Dhcp ServerClient Table Router Advertisement IPv6 Dhcp System Management Setting Up Dual WAN and Multi-WAN Connections System Management Mode Cisco RV042, RV042G, and RV082 Mode Cisco RV016 Interface Setting Editing the Dual WAN and Multi-WAN Settings Network Service DetectionMax Bandwidth Provided by ISP Page Adding a service Page Appendix F, Bandwidth Management Managing the Bandwidth SettingsMax Bandwidth Provided by ISP Bandwidth Management Type Managing the Bandwidth Settings Adding a service Setting Up Snmp Enabling Device Discovery with Bonjour Enabling Device Discovery with Bonjour Using Built-In Diagnostic Tools To open this page Click System Management DiagnosticDNS Name Lookup Ping Restoring the Factory Default Settings Upgrading the Firmware Restarting the Router Restoring the Settings from a Configuration File Backing Up and Restoring the Settings Copying a Startup File or Mirror File Backing Up Configuration Files and Mirror Files Backing Up and Restoring the Settings Port Management Configuring the Port Settings Port Management Summary Viewing the Status Information for a Port Statistics Firewall Configuring the General Firewall Settings Firewall Restrict Web Features Firewall About Access Rules Configuring Firewall Access Rules Managing Access Rules To delete all custom rules Click Restore to Default Rules Services IPv4 and IPv6 Configuring Access Rules Schedule IPv4 Only Adding a service Page Forbidden Domains, Website Blocking by Keywords, Schedule, Using Content Filters to Control Internet Access Website Blocking by Keywords Forbidden Domains Schedule Getting Started with Cisco ProtectLink Web Cisco ProtectLink Web Cisco ProtectLink Web Specifying the Global Settings for Approved URLs and Clients To delete an entry Click the Delete icon Approved URL ConfigurationApproved Clients Configuration Approved URLs and Approved Clients Web Protection Enabling Web Protection for URL Filtering URL Filtering Web Reputation Business Hour Setting URL Overflow Control Updating the ProtectLink License License Information License Introduction to VPNs VPN Gateway-to-Gateway VPN Tunnel Between RV0xx Series Routers Remote Access Client To GatewayConfiguration tasks Site to Site VPN Gateway To Gateway Router QuickVPN, page125 and Remote Access with PPTP, page125 Remote Access with Pptp Remote Access with Cisco QuickVPN To open this page Click VPN Summary in the navigation tree Viewing the Summary Information for VPN Tunnel Status GroupVPN Status Up a Remote Access Tunnel for VPN Clients Client To Gateway, VPN Clients Status Setting Up a Gateway to Gateway Site to Site VPN Add a New Tunnel Local Group Setup and Remote Group Setup VPN IPSec Setup Required fields for Manual mode Preshared Key, page 135 and Advanced settings for IKE with Required fields for IKE with Preshared Key Advanced settings for IKE with Preshared Key VPN VPN RV0xx Local Group Setup Remote Client Setup for Single User Tunnel Type VPN IPSec Setup Required fields for IKE with Preshared Key Advanced settings for IKE with Preshared Key VPN Users, Certificate Management, page148 Managing VPN Users and Certificates Certificate Management Users Setting Up VPN Passthrough Setting Up Pptp Server Pptp Server IP Address Range Connection List Syslog section, Mail section, Setting Up the System Log and Alerts Logging System Statistics Log Setting, Buttons,Syslog section Mail section Log Setting Buttons Viewing the System Log Logging System Statistics Wizard Basic Setup, Access Rule Setup, page160 Basic Setup Access Rule SetupWizard Indication Message Term DefinitionBeacon interval Dtim Delivery Traffic Glossary Term Definition Threshold Radvd RouterAdvertisement Daemon Request to Send RTS RIPng RIP next generation Static routingVlan Virtual LAN Your computer cannot connect to the Internet Firmware upgrade has failed Router does not have a coaxial port for the cable connection Troubleshooting Introduction Cisco QuickVPN for Windows Cisco QuickVPN Client Installation and Configuration Using the Cisco QuickVPN SoftwareCisco QuickVPN for Windows Using the Cisco QuickVPN Software Topology Options Hub and Spoke VPN Hub and Spoke Topology Mesh VPN Mesh Topology Other Design Considerations WAN Setup Gateway To Gateway Tunnel with a Dynamic IP Address LAN Setup Configuring a VPN Tunnel on a Cisco RV0xx Series Router Settings on the Site a Router Example Sites with Static WAN IP AddressesField Value MD5 Encryption Phase Encryption Field Values Example Site with a Dynamic WAN IP Address Authentication Field Value IPSec Setup Keying Mode IKE with Preshared Key Phase Overview IPSec NAT Traversal IPSec NAT Traversal Configuration of Router a Configuration of Router B Creation of New Services Click the System Management tabClick Add to List Bandwidth Management Creation of New Bandwidth Management Rules Click Save Security SpecificationsRV042 Performance Specifications NetworkQoS RV042G ManagementEnvironmental Operating System Linux VPN Cisco RV082 IKE Cisco RV016 Dhcp DNS NAT DMZ Built-in Pptp server supporting 10 Pptp clients Support Product DocumentationCisco Small Business