Cisco Systems RVL200 Configuration of the One-to-One NAT Rules, Appendix J, IPSec NAT Traversal

Models: RVL200


Appendix J

IPSec NAT Traversal

Configuration of Scenario 2

In this scenario, Router B is the RVL200 Initiator, while Router A is the RVL200 Responder. Router B will have the Remote Security Gateway IP address set to a public IP address that is associated with the WAN IP address of Router A, which is behind the NAT. Hence the public IP address (192.168.99.1) must be mapped to the WAN IP address (192.168.11.101, a private IP address) of Router A through the two one-to-one NAT rules:

192.168.99.1 => 192.168.111.11 (on NAT 2)

192.168.111.11 => 192.168.11.101 (on NAT 1)

[Figure: Traffic in Scenario 2. Router B - RVL200 Initiator (WAN: 192.168.99.22, LAN: 192.168.2.0/24, host 192.168.2.100) connects through NAT 2 - RV042 (WAN: 192.168.99.11, LAN: 192.168.111.1) and NAT 1 - RV042 (WAN: 192.168.111.101, LAN: 192.168.11.1) to Router A - RVL200 Responder (WAN: 192.168.11.101, LAN: 192.168.1.0/24, host 192.168.1.101).]

NOTE: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.
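The following is an added example, not part of the original manual, showing how the RFC 3947 NAT-D hash comparison lets Router A discover that it sits behind the two one-to-one NAT rules of this scenario. The cookies are constructed values, SHA-1 as the negotiated hash is an assumption, and the sketch assumes the one-to-one rules rewrite only the destination address of inbound packets.

```python
import hashlib
import ipaddress
import struct

# One-to-one NAT rules from this page, in the order an inbound packet meets them.
NAT_CHAIN = [
    ("NAT 2 - RV042", "192.168.99.1", "192.168.111.11"),
    ("NAT 1 - RV042", "192.168.111.11", "192.168.11.101"),
]

def translate_destination(dst, chain=NAT_CHAIN):
    """Apply each one-to-one rule in turn; fail if a hop has no rule for dst."""
    for device, outside, inside in chain:
        if dst != outside:
            raise ValueError(f"{device}: no one-to-one rule for {dst}")
        dst = inside
    return dst

def nat_d_hash(cky_i, cky_r, ip, port):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(data).digest()  # assumption: SHA-1 is the negotiated hash

def detect_nat(cky_i, cky_r, nat_d, local, observed_src):
    """Receiver-side check. nat_d[0] covers the destination the sender used,
    nat_d[1:] cover the sender's own possible source addresses."""
    local_behind_nat = nat_d[0] != nat_d_hash(cky_i, cky_r, *local)
    peer_behind_nat = nat_d_hash(cky_i, cky_r, *observed_src) not in nat_d[1:]
    return local_behind_nat, peer_behind_nat

def scenario_2():
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))  # constructed cookies
    router_b = ("192.168.99.22", 500)  # initiator WAN address, IKE on UDP 500
    gateway = ("192.168.99.1", 500)    # Remote Security Gateway set on Router B
    # Router B builds NAT-D payloads from the addresses it believes are in use.
    nat_d = [nat_d_hash(cky_i, cky_r, *gateway), nat_d_hash(cky_i, cky_r, *router_b)]
    # Router A sees the packet after both NAT devices rewrote the destination.
    # Assumption: the source address 192.168.99.22 arrives unchanged.
    router_a = (translate_destination(gateway[0]), 500)
    local_nat, peer_nat = detect_nat(cky_i, cky_r, nat_d, router_a, router_b)
    # With NAT found on the path, RFC 3947 moves IKE to UDP 4500.
    port = 4500 if (local_nat or peer_nat) else 500
    return router_a[0], local_nat, peer_nat, port

if __name__ == "__main__":
    print(scenario_2())
```

If either one-to-one rule is missing or mistyped, `translate_destination` raises an error naming the NAT device where the chain breaks.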

Configuration of the One-to-One NAT Rules

The one-to-one NAT rules must be configured on NAT 2 - RV042 and NAT 1 - RV042.

One-to-One NAT Rule on NAT 2 - RV042

192.168.99.1 => 192.168.111.11

Refer to the documentation of the 10/100 4-Port VPN Router (model number: RV042) for more details about one-to-one NAT rules.

One-to-One NAT Rule on NAT 1 - RV042

192.168.111.11 => 192.168.11.101

Configuration of Router B

Set the Remote Security Gateway to IP address: 192.168.99.1, which is the one-to-one NAT IP address used by NAT 2 - RV042.

Follow these instructions for Router B.

1. Launch the web browser for a networked computer, designated PC 2.

2. Access the web-based utility of Router B. (Refer to “Chapter 4: Advanced Configuration” for details.)

3. Click the IPSec VPN tab.

4. Click the Gateway to Gateway tab.

5. Enter a name in the Tunnel Name field.

6. For the VPN Tunnel setting, select Enable.

7. The WAN IP address of Router B will be automatically detected.

For the Local Security Group Type, select Subnet. Enter Router B’s local network settings in the IP Address and Subnet Mask fields.

8. For the Remote Security Gateway Type, select IP address. Enter 192.168.99.1 in the IP Address field.

Router B’s IPSec VPN Settings

4-Port SSL/IPSec VPN Router
