This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN tunnel via NATed interface works only in one direction

Hi together,

we're having the problem that we can only establish a VPN connection in one direction. The second VPN gateway is behind a NATed router.
Behavior:
Traffic from Net2 can successfully establish VPN tunnel. Data transfer from both sides works fine.

Traffic from Net1 will not establish the tunnel. But initial handshake on gateways is OK. Data connection on port 50 fails!

A 'telnet' on port 50 from Net1 reaches the inteface on the Astaro firewall (ASL2.0)
NO(!) data traffic on port 50 from VPNGW reaches the ASL2.0 interface.

The configuration looks like:
Net1->VPNGW->Internet->Cisco827->ASL2.0->Net2

Details:
VPNGW= SUSE Free S/WAN, public IP
ASL2.0= VPN gateway, private IP
Cisco 827=IOS12.2(no accesss lists,VPN passthrough, DNAT for ports tcp50, udp500)

Many thanks in advance for your input on this!

wowo

This thread was automatically locked due to age.

Parents

0 Polluxxx over 23 years ago

Hi Wowo,

IPSec or VPN in general is not easy to be ne NATed.

IPSec as used in Astaro uses the ESP Protocol proto/50 for the data connection and IKE udp/500 for the authentication.

You have to make sure that the Cisco correctly handles this connections.

What do the Logfiles of the freeswan gateay that doesn't tell you?

Kind regards
Polluxxx
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Polluxxx over 23 years ago

Hi Wowo,

IPSec or VPN in general is not easy to be ne NATed.

IPSec as used in Astaro uses the ESP Protocol proto/50 for the data connection and IKE udp/500 for the authentication.

You have to make sure that the Cisco correctly handles this connections.

What do the Logfiles of the freeswan gateay that doesn't tell you?

Kind regards
Polluxxx
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data