IPSec NAT Traversal | Cisco Systems RV042G, RV016 guide

IPSec NAT Traversal

Overview

E

NOTE Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.

Configuration of Router A

Follow these instructions for Router A.

STEP 1 Launch the web browser for a networked computer, designated PC 1. STEP 2 Access the configuration utility of Router A.

STEP 3 Click VPN > Gateway to Gateway in the navigation tree.

STEP 4 Enter a name in the Tunnel Name field.

STEP 5 For the VPN Tunnel setting, select Enable.

STEP 6 For the Local Security Gateway Type, select IP Only. The WAN IP address of Router A will be automatically detected.

For the Local Security Group Type, select Subnet. Enter Router A’s local network settings in the IP Address and Subnet Mask fields.

STEP 7 For the Remote Security Gateway Type, select IP Only. Enter Router B’s WAN IP address in the IP Address field.

STEP 8 For the Remote Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields.

STEP 9 In the IPSec Setup section, select the appropriate encryption, authentication, and other key management settings.

STEP 10 In the Preshared Key field, enter a string for this key, for example, 13572468. STEP 11 Click Advanced Settings.

STEP 12 Check the NAT Traversal box to enable this feature.

STEP 13 Click Save.

STEP 14 Proceed to the next section, Configuration of Router B, page185.

Cisco Small Business RV0xx Series Routers Administration Guide

184

Image 184

Cisco Systems RV042G, RV016 manual IPSec NAT Traversal, Configuration of Router a

Contents

Administration Guide Cisco Systems, Inc. All rights reserved 78-19576-01 B0 Viewing System Summary Information Setup Other Hardware FeaturesPlacement Tips Introduction Dhcp System ManagementPort Management Firewall VPN 122 Logging System Statistics 153 Appendix G Specifications 189 Appendix H Where to Go From Here 199Appendix E IPSec NAT Traversal 183 Appendix F Bandwidth Management 186 RV0xx Series Router Features ModelPorts RV042 and RV042G RV082 RV016 Introduction RV042 and RV042G PortsRV042 and RV042G Status Lights RV082 Ports and Status Lights Ports Port Description Status Lights Light Description Other Hardware Features Feature Description Default Settings Placement TipsDesktop Placement Parameter Default Value Wall Mounting RV042 and RV042G 58 mm apart RV082 and RV016 94 mm apart Rack Mounting RV082 or RV016 Connecting the Equipment RV042 and RV042G Internet PortRV082 Internet Port RV016 Internet 1 Port Getting Started with the Configuration Troubleshooting Tips Features of the User Interface Navigation Setup Wizards Saving the SettingsPop-Up Windows Help Viewing System Summary Information Cisco ProtectLink Web System InformationViewing System Summary Information Port Statistics ConfigurationPort Information Window Viewing System Summary Information WAN Status WAN information Firewall Setting Status VPN Setting StatusLog Setting Status DMZ information Setup Setup Setting Up the NetworkHost Name and Domain Name LAN Setting device IP address and subnets IP ModeChanging the device IP address Enabling multiple subnets IPv4 only Setup WAN Setting Internet connection DMZ Setting Setup Editing a WAN Connection Page Page Page Editing a DMZ Connection IPv4 IPv6Page Changing the Administrator Username and Password Setup Setting the System Time To open this page Click Setup Time in the navigation tree Setting Up a DMZ Host Port Range Forwarding Setting Up Port Forwarding and Port TriggeringPort Range Forwarding, Port Triggering, Setup Adding a service Port Triggering Setting Up Universal Plug and Play UPnP To open this page Click Setup UPnP in the navigation tree Setup Adding a service Setting Up One-to-One NAT Setup Cloning a MAC Address for the Router Editing the MAC Address Clone Settings Assigning a Dynamic DNS Host Name to a WAN Interface Editing the Dynamic DNS Setup Setting Up Advanced Routing Configuring Dynamic Routing, Configuring Static Routing, Dynamic Routing for IPv4 Configuring Dynamic RoutingData None, RIPv1, RIPv2 Broadcast, or RIPv2 Multicast Dynamic Routing for IPv6 Configuring Static RoutingPrefix Length Pv6 only Enter the prefix length Setting Up Advanced Routing IPv6 Transition To Go From Here Setting Up the Dhcp Server or Dhcp Relay Dhcp Dhcp DNS used for Dhcp Server only Dynamic IP used for Dhcp Server onlyWins used for Dhcp Server, IPv4 Only About Static IP Addresses for IPv4 Only Assigning static IP addresses by adding devices from a list Assigning static IP addresses by entering devices manually Using the Static IP List to Block Devices DNS Local Database Dhcp Server Viewing the Dhcp Status InformationClient Table Router Advertisement IPv6 Dhcp Setting Up Dual WAN and Multi-WAN Connections System Management Mode Cisco RV042, RV042G, and RV082 System Management Mode Cisco RV016 Interface Setting Network Service Detection Editing the Dual WAN and Multi-WAN SettingsMax Bandwidth Provided by ISP Page Adding a service Page Managing the Bandwidth Settings Max Bandwidth Provided by ISPBandwidth Management Type Appendix F, Bandwidth Management Managing the Bandwidth Settings Adding a service Setting Up Snmp Enabling Device Discovery with Bonjour Enabling Device Discovery with Bonjour To open this page Click System Management Diagnostic Using Built-In Diagnostic ToolsDNS Name Lookup Ping Restoring the Factory Default Settings Upgrading the Firmware Restarting the Router Backing Up and Restoring the Settings Restoring the Settings from a Configuration File Backing Up Configuration Files and Mirror Files Copying a Startup File or Mirror File Backing Up and Restoring the Settings Configuring the Port Settings Port Management Port Management Viewing the Status Information for a Port Summary Statistics Configuring the General Firewall Settings Firewall Firewall Restrict Web Features Firewall Configuring Firewall Access Rules About Access Rules Managing Access Rules To delete all custom rules Click Restore to Default Rules Configuring Access Rules Services IPv4 and IPv6 Schedule IPv4 Only Adding a service Page Using Content Filters to Control Internet Access Forbidden Domains, Website Blocking by Keywords, Schedule, Forbidden Domains Website Blocking by Keywords Schedule Cisco ProtectLink Web Getting Started with Cisco ProtectLink Web Cisco ProtectLink Web Specifying the Global Settings for Approved URLs and Clients Approved URL Configuration Approved Clients ConfigurationApproved URLs and Approved Clients To delete an entry Click the Delete icon Enabling Web Protection for URL Filtering Web Protection URL Filtering Business Hour Setting Web Reputation Updating the ProtectLink License URL Overflow Control License License Information VPN Introduction to VPNs Remote Access Client To Gateway Configuration tasksSite to Site VPN Gateway To Gateway Gateway-to-Gateway VPN Tunnel Between RV0xx Series Routers QuickVPN, page125 and Remote Access with PPTP, page125 Router Remote Access with Cisco QuickVPN Remote Access with Pptp Viewing the Summary Information for VPN To open this page Click VPN Summary in the navigation tree Tunnel Status Up a Remote Access Tunnel for VPN Clients Client To Gateway, GroupVPN Status VPN Clients Status Setting Up a Gateway to Gateway Site to Site VPN Local Group Setup and Remote Group Setup Add a New Tunnel VPN IPSec Setup Preshared Key, page 135 and Advanced settings for IKE with Required fields for Manual mode Required fields for IKE with Preshared Key Advanced settings for IKE with Preshared Key VPN VPN RV0xx Local Group Setup Remote Client Setup for Single User Tunnel Type VPN IPSec Setup Required fields for IKE with Preshared Key Advanced settings for IKE with Preshared Key VPN Managing VPN Users and Certificates Users, Certificate Management, page148 Users Certificate Management Setting Up VPN Passthrough Setting Up Pptp Server IP Address Range Pptp Server Connection List Setting Up the System Log and Alerts Syslog section, Mail section, Log Setting, Buttons, Syslog sectionMail section Logging System Statistics Log Setting Buttons Viewing the System Log Logging System Statistics Basic Setup, Access Rule Setup, page160 Wizard Access Rule Setup Basic SetupWizard Term Definition Beacon intervalDtim Delivery Traffic Indication Message Glossary Term Definition Radvd Router Advertisement DaemonRequest to Send RTS Threshold Static routing RIPng RIP next generationVlan Virtual LAN Firmware upgrade has failed Your computer cannot connect to the Internet Troubleshooting Router does not have a coaxial port for the cable connection Cisco QuickVPN for Windows Introduction Using the Cisco QuickVPN Software Cisco QuickVPN Client Installation and ConfigurationCisco QuickVPN for Windows Using the Cisco QuickVPN Software Topology Options VPN Hub and Spoke Topology Hub and Spoke VPN Mesh Topology Mesh WAN Setup Other Design Considerations LAN Setup Gateway To Gateway Tunnel with a Dynamic IP Address Configuring a VPN Tunnel on a Cisco RV0xx Series Router Example Sites with Static WAN IP Addresses Settings on the Site a RouterField Value Encryption Phase MD5 Field Values Encryption Example Site with a Dynamic WAN IP Address Authentication Field Value IPSec Setup Keying Mode IKE with Preshared Key Phase IPSec NAT Traversal Overview Configuration of Router a IPSec NAT Traversal Configuration of Router B Click the System Management tab Creation of New ServicesClick Add to List Creation of New Bandwidth Management Rules Bandwidth Management Click Save Specifications RV042Performance Security Network SpecificationsQoS Management RV042GEnvironmental Operating System Linux VPN Cisco RV082 IKE Cisco RV016 Dhcp DNS NAT DMZ Built-in Pptp server supporting 10 Pptp clients Product Documentation SupportCisco Small Business