IPSec Tunnel on XG 135W behind a FritzBox

Question

Hello, 
 I have the following configuration for doing some tests: 
 
 Fritz Box connected to 1&1 DSL. 
 XG 135W connected to internal LAN (192.168.178.0/24 of Fritzbox via DHCP. 
 The external Address of FritzBox is forwarded to the XG 135 WAN address (which is an DHCP Address of the Fritz Box LAN) Now I like to establish an IPSec Tunnel from a remote site to the XG 135 behind the FritzBox (which unfortunately doesn't run out of the box). The tunnel is between the external address of the remote site and the external address of the FritzBox which is forwarded to the external address of the XG 135W. Is this possible? If not is it possible to use the XG 135 as an replacement for the Fritz Box (I think that would be connecting the WAN interface to the 1&1 DSL directly (via PPoE??).

KingChris · Accepted Answer

Hi Bernd Feist 
 Yes both scenarios are entirely possible. 
 If you choose the first scenario, keeping the "FritzBox" in front of the XG, then you must forward ALL ports/services to the XG WAN port. I would suggest setting a static IP address on the WAN interface of the XG. 
 When creating the IPSec connection, I would choose to use IKEv2 as it handles double NAT'ted scenarios the best. When doing so, please ensure that you choose a "local ID" and set it as the WAN gateway IP address. If you do not have a static public IP on the "FritzBox", then you should choose to use a dynamic DNS service and then set "local ID" to DNS name. 
 If you choose the second scenario, please ensure you have the DSL module that we provide for the XG135 Rev3 device. This is due to the fact that your "FritzBox" is more than likely a DSL modem and as such may need that modulation/demodulation technology. 
 Thanks!