MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 

Can I use NAT with the IPSec VPN option?

 
Support



Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland

Posted: Tue Jan 14, 03 11:30    Post subject: Can I use NAT with the IPSec VPN option?

Yes, but you must be sure to make a hole in SecureWall for UDP port 500 to be redirected internally. This allows the IKE authentication process to build an encrypted link between the two IPSec Endpoints.

There are 2 general options for using this.

1) You can configure the encrypted connection using Transport mode, which means the end of the communication is the remote MultiCom Firewall. This allows remote administration of the MultiCom Firewall. Additionally, you can use NAT to remap services to other servers on the LAN or DMZ, but to the remote user it looks like the IP address of the MultiCom's WAN interface is the server replying. For example, port 80 can be mapped to an internal web server. In this case you can still use the SecureWall to protect the WAN interface.

2) This second option has only been tested with the MultiCom SpeedSurf and the Ethernet Enterprise. You can use Tunnel mode to build a tunnel connection between 2 subnets and use NAT at the same time. See below for more information on this type of configuration. Additionally, you will not be able to use the SecureWall, since it would block incoming requests from the remote subnet. If you need to secure the WAN interface, you will need to use the Stateful Filtering firewall.

The MultiCom Firewall can use NAT to redirect an encrypted request to the WAN interface to a computer on the LAN network. This can use Transport or Tunnel mode of IPSec; be sure to redirect UDP port 500 to the MultiCom Firewall if you use the SecureWall.

NOTE - With outgoing traffic, NAT takes place before IPSec can encrypt the packet, and with incoming traffic, NAT takes place just after IPSec has decrypted the packet.
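
The processing order in the NOTE, applied to the port 80 remap from option 1, modelled as an added example (not part of the original post and not MultiCom code). The addresses, the port map and the rule that the transport-mode SA matches only WAN-to-remote traffic are assumptions, and no real encryption is performed; the reversed orders at the end show why the stated order matters.

```python
from dataclasses import dataclass, replace

WAN_IP = "203.0.113.1"            # constructed: firewall WAN interface
REMOTE = "198.51.100.7"           # constructed: remote IPSec endpoint
PORT_MAP = {80: "192.168.1.10"}   # constructed: port 80 -> internal web server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int = 0
    esp: bool = False   # True while the transport header is IPSec-protected

def decrypt(pkt):
    # Transport mode: the SA terminates on the firewall's WAN address.
    return replace(pkt, esp=False) if pkt.esp and pkt.dst == WAN_IP else pkt

def dnat(pkt):
    # A port redirect can only match once the port is readable (not ESP).
    if not pkt.esp and pkt.dst == WAN_IP and pkt.dport in PORT_MAP:
        return replace(pkt, dst=PORT_MAP[pkt.dport])
    return pkt

def snat(pkt):
    # Replies from mapped servers leave with the WAN address as source.
    return replace(pkt, src=WAN_IP) if pkt.src in PORT_MAP.values() else pkt

def encrypt(pkt):
    # Assumption: the SA selector covers WAN_IP <-> REMOTE traffic only.
    return replace(pkt, esp=True) if (pkt.src, pkt.dst) == (WAN_IP, REMOTE) else pkt

def run(pkt, *stages):
    for stage in stages:
        pkt = stage(pkt)
    return pkt

def inbound(pkt):    # order stated in the post: IPSec decrypts, then NAT
    return run(pkt, decrypt, dnat)

def outbound(pkt):   # order stated in the post: NAT, then IPSec encrypts
    return run(pkt, snat, encrypt)

if __name__ == "__main__":
    req = Packet(REMOTE, WAN_IP, dport=80, esp=True)
    reply = Packet("192.168.1.10", REMOTE)
    print("inbound :", inbound(req))
    print("outbound:", outbound(reply))
    print("reversed inbound :", run(req, dnat, decrypt))    # redirect never matches
    print("reversed outbound:", run(reply, encrypt, snat))  # reply leaves unencrypted
```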
All times are GMT + 1 Hour