I need some help with an IPsec connection. The connection is online but I have problems with NAT. OK, here are the details:
1. VPN Settings:
IKE Policy
MEA: AES256
MIA: SHA1
PAM: Pre-shared secret (via SMS)
DHG: Group 2 (1024 bit)
IKE Lifetime: 8 hours (28,800 seconds)
Aggressive mode: disabled
IPSec Parameters
Mech. f. payload enc.: ESP
ESP Transf.: AES256
Data Int.: SHA1
SA Lifetime: 1 hour (3,600 seconds) / 0 byte
PFS: disabled
2. Network Settings:
Destination Peer IP: 62.12.13.130
Source Peer IP: 217.12.13.161
3. Encryption Domain:
This table details the IP traffic which the VPN gateway will encrypt/decrypt. This table could specify individual hosts but should preferably specify networks, e.g. if host 10.1.1.1 needs access to host 10.2.2.2 this table should list 10.1.1.0/24 and 10.2.2.0/24 as the source and destination. More granular access, i.e. specific host to specific host on specific ports, should be defined in the “Access Control Rules” table below.
Destination: 10.19.19.0/24 ; 10.19.18.0/24 ; 10.19.5.0/24
Source: 10.16.13.0/24
4. Source NAT on Source-Site:
Destination communicates only with 10.16.0.0/16 networks on site-to-site VPN. The NAT must be configured on the gateway at the customer's end.
Customer Base Address: 192.168.10.0/24
Customer NAT Address: 10.16.13.0/24
5. Access Control Rules:
Source: 10.16.13.0/24 to Destination: 10.19.19.0/24 with tcp8091,tcp1495
Source: 10.16.13.0/24 to Destination 10.19.18.0/24 with tcp8091,tcp1495
Source: 10.16.13.0/24 to Destination 10.19.5.11/32 with tcp2000
Source: 10.16.13.0/24 to Destination 10.19.5.12/32 with tcp2200
Step 1 and 2 are already done! The connection is online.
But I have some problems making the right settings for steps 3-4.
Step 5 is no problem (creating Firewall-Rules).
Anybody here who wants to help me?
Best regards!
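Added example (not part of the original post and not tied to any particular VPN product): a small Python model of how steps 3 to 5 interact, using the networks and ports listed above. It assumes the source NAT is a 1:1 network mapping (same host offset in both /24s) and that the gateway translates the source before matching the tunnel's encryption domain; the function names are hypothetical.

```python
import ipaddress as ip

# Values taken from the post above
CUSTOMER_BASE = ip.ip_network("192.168.10.0/24")
CUSTOMER_NAT = ip.ip_network("10.16.13.0/24")
ENC_SRC = [ip.ip_network("10.16.13.0/24")]
ENC_DST = [ip.ip_network(n) for n in
           ("10.19.19.0/24", "10.19.18.0/24", "10.19.5.0/24")]
ACL = [  # (source, destination, allowed TCP ports)
    ("10.16.13.0/24", "10.19.19.0/24", {8091, 1495}),
    ("10.16.13.0/24", "10.19.18.0/24", {8091, 1495}),
    ("10.16.13.0/24", "10.19.5.11/32", {2000}),
    ("10.16.13.0/24", "10.19.5.12/32", {2200}),
]

def snat_1to1(src):
    """Assumed 1:1 mapping: keep the host offset, swap the network part."""
    addr = ip.ip_address(src)
    if addr not in CUSTOMER_BASE:
        return addr  # not covered by this NAT rule, left untranslated
    offset = int(addr) - int(CUSTOMER_BASE.network_address)
    return CUSTOMER_NAT.network_address + offset

def in_encryption_domain(src, dst):
    """True if the (source, destination) pair matches the tunnel selectors."""
    return any(src in s for s in ENC_SRC) and any(dst in d for d in ENC_DST)

def acl_allows(src, dst, port):
    """True if an access control rule permits this TCP flow."""
    return any(src in ip.ip_network(s) and dst in ip.ip_network(d)
               and port in ports for s, d, ports in ACL)

def evaluate(src, dst, port, nat=True):
    """Return (source seen by the tunnel, matches selectors, permitted by ACL)."""
    seen = snat_1to1(src) if nat else ip.ip_address(src)
    dest = ip.ip_address(dst)
    return str(seen), in_encryption_domain(seen, dest), acl_allows(seen, dest, port)

if __name__ == "__main__":
    # Constructed sample flows from a host in the customer base network
    for flow in [("192.168.10.25", "10.19.19.7", 8091),
                 ("192.168.10.25", "10.19.5.11", 2200)]:
        print(flow, "->", evaluate(*flow))
    print("without NAT ->", evaluate("192.168.10.25", "10.19.19.7", 8091, nat=False))
```

Without the translation the untranslated 192.168.10.x source matches neither the encryption domain nor any access rule, which is why the NAT in step 4 has to take effect before the selectors in step 3 are evaluated.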