Small business routers and VPN behind NAT

mario_kmc · ‎08-07-2013

Hi all,

Didn't know wether I should open a discussion here or on security but...

I'm looking for smal business routers to be used in small branches and create site-to-site VPN's to a central location firewall (Checkpoint) with public IP's.

Additional detail is that these routers will be behind WiMAX routers doing NAT.

Can any or all of the RV*** routers work behind NAT? Will NAT creat unsolvable problems for me?

I have plenty experience with routing experience but none with tunnels and IPSec VPN's.

Thank you

Tom Watts · ‎08-07-2013

Hi Mario, this answer is yes, it should not be any problem. Most failures on this set up is because the upstream router is not properly configured for port forwarding to allow the vpn connection and the vpn routers do not point to the correct address to route over the internet to each other.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

mario_kmc · ‎08-08-2013

Hi Tom,

Thanks very much. I feel very good reading that. Port forwarding won't be a problem. Can you tell what ports need to be forwarded? I now about UDP500 for IKE phase I (I think).

Also, are the RV* configured for NAT by default?

Mario

Tom Watts · ‎08-08-2013

Hi Mario, the RV router is configured for NAT by default.

udp 4500 is the other port.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

mario_kmc · ‎08-08-2013

Tom,

Many thanks, you were very helpful. I'm gonna research a bit more a look for the best one for us. Shouldn't need to much very small branches max 10 persons.