Appendix D

Appendix D:

IPSec NAT Traversal

Overview

Network Address Translation (NAT) traversal is a technique developed so that data protected by IPSec can pass through a NAT. (See NAT 1 and NAT 2 in the diagram.) Since IPSec provides integrity for the entire IP datagram, any changes to the IP addressing will invalidate the data. To resolve this issue, NAT traversal appends a new IP and UDP header to the incoming datagram, ensuring that no changes are made to the incoming datagram stream.

This chapter discusses two scenarios. In the first scenario, Router A initiates IKE negotiation, while in the second scenario, Router B initiates IKE negotiation. In the second scenario, since the IKE responder is behind a NAT device, a one-to-one NAT rule is required on the NAT device.

Before You Begin

The following is a list of equipment you need:

•• Two 4-Port SSL/IPSec VPN Routers (model number:

RVL200), one of which is connected to the Internet

•• Two 10/100 4-Port VPN Routers (model number: RV042), one of which is connected to the Internet

IPSec NAT Traversal

Configuration of Scenario 1

In this scenario, Router A is the RVL200 Initiator, while Router B is the RVL200 Responder.

WAN: 192.168.99.11

WAN: 192.168.99.22

NAT 2 - RV042

Router B - RVL200

LAN: 192.168.111.1

Responder

 

LAN: 192.168.2.0/24

WAN: 192.168.111.101

NAT 1 - RV042

LAN: 192.168.11.1

192.168.2.100

WAN: 192.168.11.101

Router A - RVL200 Initiator

LAN: 192.168.1.0/24

192.168.1.101

Traffic in Scenario 1

NOTE: Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.

Configuration of Router A

Follow these instructions for Router A.

1.Launch the web browser for a networked computer, designated PC 1.

2.Access the web-based utility of Router A. (Refer to the User Guide of the RVL200 for details.)

3.Click the IPSec VPN tab.

4.Click the Gateway to Gateway tab.

5.Enter a name in the Tunnel Name field.

6.For the VPN Tunnel setting, select Enable.

10/100 4-Port VPN Router

67

Page 74
Image 74
Linksys RV042 manual Appendix D IPSec NAT Traversal, Configuration of Scenario, Configuration of Router a

RV042 specifications

The Linksys RV042 is a robust and versatile VPN router designed for small to medium-sized businesses, offering a wide array of features that cater to networking demands. Boasting dual WAN ports, the RV042 allows users to have two internet connections, providing load balancing and failover capabilities. This means that the router can automatically switch to a secondary Internet connection if the primary fails, ensuring uninterrupted connectivity crucial for business operations.

A key feature of the RV042 is its support for Virtual Private Networking (VPN). It can accommodate up to 50 VPN tunnels simultaneously, enabling secure remote access for employees who need to connect to the office network from various locations. The router supports both PPTP and L2TP/IPsec protocols, which provide a layer of encryption, ensuring that data remains secure while transmitted over public networks.

In terms of connectivity, the Linksys RV042 is equipped with four Ethernet ports, supporting speeds of up to 1 Gbps through its LAN (Local Area Network) connections. This allows for high-speed data transfer within the office premises, making it suitable for bandwidth-intensive applications such as video conferencing and large file transfers. Additionally, the router features an integrated firewall, which helps protect the network from external threats by filtering incoming and outgoing traffic.

The RV042 also excels in its Quality of Service (QoS) capabilities, which enable users to prioritize traffic for more critical applications. This is particularly beneficial in environments where multiple applications rely on the same bandwidth, allowing businesses to maintain optimal performance for essential tasks.

For businesses looking to manage their network more effectively, the RV042 offers a web-based interface that simplifies configuration and monitoring. The user-friendly dashboard allows administrators to track network usage, configure access controls, and set up security measures easily.

Overall, the Linksys RV042 VPN router stands out for its reliability, security features, dual WAN support, and ease of management. It is an excellent choice for organizations that require a secure, stable, and high-performance networking solution, enabling seamless connectivity and productivity in an increasingly digital business landscape.