VPN IPSEC with a nat-enabled router
Options
Hi. I've a litte question about a VPN problem.
The situation is this:
Internet =70.4.... (with 1 public static IP) => Fiber routrer == 192.168.1.x ==> USG110 ==192.168.10.x= => LAN
The customer has another person that needs to connect to the lan. I tried with SSL VPN and it worked fine (I natted all ports from router to firewall), but my boss sold them the IPSEC license. I tried the autoconfiguration but, when I download the cofiguration from the client, it sets the destination IP the wan IP of the firewall (192.168.1.2) and not the external one. So the client won't work. If I manually the remote gateway on the client with the public IP, everything stops after "sending phase 1 ID".
Unfortunatly I cannot put the pubblic IP on firewall's wan
I read some docs, but I cannot find my actual situation to search any hint for the config
0
All Replies
-
Hi @Cava
In your scenario, the VPN must be established via the public ip address, so the following configuration must be done on the fiber router:
- Static NAT:
Source: Public IP address on the fiber router
Destination: 192.168.1X (WAN USG110)
Port: 500 UDP, 4500 UDP
And the IP protocols: ESP (Ip protocol 50) and AH (ip protocol 51).
Best regards
0 -
Thanks. There was a rule for a video conference sw that was natting the 4500 on another network.
0
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 74 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 333 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight