How To Apply NAT over Site-to-Site VPN connection

Similar documents
How To Establish Site-to-Site VPN Connection. using Preshared Key. Applicable Version: onwards. Overview. Scenario. Site A Configuration

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Workflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015

Workflow Guide. Establish Site-to-Site VPN Connection using Digital Certificates. For Customers with Sophos Firewall Document Date: November 2015

How To Configure L2TP VPN Connection for MAC OS X client

How To Establish IPSec VPN between Cyberoam and Microsoft Azure

How To Configure Syslog over VPN

ZyWALL USG-Series. How to setup a Site-to-site VPN connection between two ZyWALL USG series.

How To Setup Cyberoam VPN Client to connect a Cyberoam for remote access using preshared key

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

How To Configure Apple ipad for Cyberoam L2TP

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

How To Configure Virtual Host with Load Balancing and Health Checking

This article describes a detailed configuration example that demonstrates how to configure Cyberoam to provide the access of internal resources.

Using IPsec VPN to provide communication between offices

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface

How To Configure SSL VPN in Cyberoam

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Configuring IPsec VPN between a FortiGate and Microsoft Azure

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.

Scenario 1: One-pair VPN Trunk

How to access peers with different VPN through IPSec. Tunnel

Configuring IPsec between a Microsoft Windows XP Professional (1 NIC) and the VPN router

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

DFL-210/260, DFL-800/860, DFL-1600/2500 How to setup IPSec VPN connection

Balancing and Gateway Failover

ISG50 Application Note Version 1.0 June, 2011

RouteFinder. IPSec VPN Client. Setup Examples. Reference Guide. Internet Security Appliance

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

Network/VPN Overlap How-To with SonicOS 2.0 Enhanced Updated 9/26/03 SonicWALL,Inc.

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Connecting Remote Offices by Setting Up VPN Tunnels

How To Configure An Ipsec Tunnel On A Network With A Network Gateways (Dfl-800) On A Pnet 2.5V2.5 (Dlf-600) On An Ipse Vpn

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Katana Client to Linksys VPN Gateway

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Lab 4.4.8a Configure a Cisco GRE over IPSec Tunnel using SDM

How do I set up a branch office VPN tunnel with the Management Server?

Configuring Windows 2000/XP IPsec for Site-to-Site VPN

UTM - VPN: Configuring a Site to Site VPN Policy using Main Mode (Static IP address on both sites) i...

How To Industrial Networking

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Connecting an Android to a FortiGate with SSL VPN

VPN L2TP Application. Installation Guide

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

How To Block Unauthorized Internet Access through Proxies

Internet. SonicWALL IP SEV IP IP IP Network Mask

Configuring SSH Sentinel VPN client and D-Link DFL-500 Firewall

IPsec VPN Application Guide REV:

Creating a VPN with overlapping subnets

Chapter 6 Virtual Private Networking

VPN Configuration Guide. Cisco Small Business (Linksys) WRVS4400N / RVS4000

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Creating a Client-To-Site VPN. BT Cloud Compute. The power to build your own cloud solutions to serve your specific business needs.

Chapter 4 Virtual Private Networking

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Configure VPN between ProSafe VPN Client Software and FVG318

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

VPN Tracker for Mac OS X

DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

VPN Configuration of ProSafe VPN Lite software and NETGEAR ProSafe Router:

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

VPN Tracker for Mac OS X

Zeroshell: VPN Host-to-Lan

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

Configuring a FortiGate unit as an L2TP/IPsec server

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Configuring a VPN for Dynamic IP Address Connections

GajShield UPTM Certification Module 4. GajShield Infotech Pvt Ltd

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

VPN Configuration of ProSafe Client and Netgear ProSafe Router:

VPN Tracker for Mac OS X

VPN Configuration Guide. Cisco Small Business (Linksys) RV016 / RV042 / RV082

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

V310 Support Note Version 1.0 November, 2011

Micronet SP881. TheGreenBow IPSec VPN Client Configuration Guide.

This chapter describes how to set up and manage VPN service in Mac OS X Server.

7. Configuring IPSec VPNs

Chapter 9 Monitoring System Performance

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

intelligence at the edge of the network EdgeBOX V4.3 VPN How-To

Configure IPSec VPN Tunnels With the Wizard

TechNote. Configuring SonicOS for MS Windows Azure

Chapter 6 Basic Virtual Private Networking

Setting up D-Link VPN Client to VPN Routers

REMOTE ACCESS VPN NETWORK DIAGRAM

Scenario: Remote-Access VPN Configuration

Route Based Virtual Private Network

Using Opensource VPN Clients with Firetunnel

Transcription:

How To Apply NAT over Site-to-Site VPN connection How To Apply NAT over Site-to-Site VPN connection Applicable Version: 10.00 onwards Scenario Consider the following network wherein both the Head Office (HO) LAN and the Branch Office (BO) LAN have the same internal IP schema. Network Parameters HO Network details BO Network details Local Server (WAN IP address) 192.168.20.105 Local LAN address 172.16.16.0/24 Local NATted Address 172.16.15.0/24 VPN server (WAN IP address) 192.168.20.191 LAN Network 172.16.16.0/24 NATted Address 172.16.17.0/24 As a result, the VPN endpoints fail to differentiate between own network and remote network. Any request initiated from HO destined for BO would be served within HO itself and vice versa. For example, a host from HO initiates a request to host 172.16.16.10 in BO, but it is responded by Host 172.16.16.10 in the HO itself because the endpoint cannot differentiate between HO LAN and BO LAN. As a solution to this, Cyberoam provides NATting over VPN which allows Cyberoam to assign Dummy LAN IP address (NATted LAN) to differentiate between LANs at both ends. This article describes how you can configure an IPSec Connection using NATted LANs.

HO Configuration The configuration is to be done from HO Cyberoam Web Admin Console using profile having readwrite administrative rights for relevant feature(s). Step 1: Create IPSec Connection To create a new IPSec connection, go to VPN > IPSec > Connection and click Add. Create the connection using the following parameters. Parameter Description Parameter Value Description Name HO_to_BO Name to identify the IPSec Connection Connection Type Site to Site Select Type of connection. Available Options: Remote Access Site to Site Host to Host Policy DefaultHeadOffice Select policy to be used for connection Action on VPN Restart Respond Only Authentication details Authentication Type Preshared Key Preshared Key 123456789 Endpoints Details Select the action for the connection. Available options: Respond Only Initiate Disable Select Authentication Type. Authentication of user depends on the connection type. Preshared key should be the same as that configured in remote site. Local PortB-192.168.20.105 Select local port which acts as end-point to the tunnel Remote 192.168.20.191 Specify IP address of the remote endpoint. Local Network Details Local Subnet 172.16.15.0/24 Select Local LAN Address. Add and Remove LAN

NATed LAN 172.16.16.0/24 If NAT Local LAN is configured, select IP Host or Network Host from the available list. IP Host can also be added by clicking on the Add IP Host link. Remote Network Details Remote LAN Network 17.16.17.0/24 Select Remote LAN Address. Add and Remove LAN Click OK to create IPSec connection.

Step 2: Activate Connection On clicking OK, the following screen is displayed showing the connection created above. Click under Status (Active) to activate the connection. BO Configuration The configuration is to be done from BO Cyberoam Web Admin Console using profile having readwrite administrative rights for relevant feature(s). Step 1: Create IPSec Connection To create a new IPSec connection, go to VPN > IPSec > Connection and click Add. Create the connection using the following parameters.

Parameter Description Parameter Value Description Name BO_to_HO Name to identify the IPSec Connection Connection Type Site to Site Select Type of connection. Available Options: Remote Access Site to Site Host to Host Policy DefaultBranchOffice Select policy to be used for connection Action on VPN Restart Authentication details Authentication Type Initiate Preshared Key Preshared Key 123456789 Endpoints Details Select the action for the connection. Available options: Respond Only Initiate Disable Select Authentication Type. Authentication of user depends on the connection type. Preshared key should be the same as that configured in remote site. Local PortB-192.168.20.191 Select local port which acts as end-point to the tunnel Remote 192.168.20.105 Specify IP address of the remote endpoint. Local Network Details Local Subnet 172.16.17.0/24 NATed LAN 172.16.16.0/24 Remote Network Details Remote LAN Network 172.16.15.0/24 Select Local LAN Address. Add and Remove LAN If NAT Local LAN is configured, select IP Host or Network Host from the available list. IP Host can also be added by clicking on the Add IP Host link. Select Remote LAN Address. Add and Remove LAN

Step 2: Activate and Establish Connection On clicking OK, the following screen is displayed showing the connection created above.

Click under Status (Active) and Status (Connection). The above configuration establishes an IPSec connection between the HO and BO. Note: Make sure that Firewall Rules that allow LAN to VPN and VPN to LAN traffic are configured. In a Head Office and Branch Office setup, usually the Branch Office acts as the tunnel initiator and Head Office acts as a responder due to following reasons: Since Branch Office or other Remote Sites have dynamic IPs, Head Office is not able to initiate the connection. As there can be many Branch Offices, to reduce the load on Head Office it is a good practice that Branch Offices retries the connection instead of the Head Office retrying all the branch office connections. Document Version 1.3 11 July, 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information