
General VPN question

Hi,

 

Pretty new in the VPN area, and the question is pretty standard knowledge in VPN I believe, but I hope I could get some knowledge and support here.

 

Trying to configure a VPN connection to my LAN through a gateway device. The gateway has a WAN port and a LAN port.

 

  • I have a machine running as VPN server with user control in Windows, connected on the LAN side of the gateway.
  • The gateway is connected to the internet through the WAN side; internet is going through fine on the clients on the LAN.
  • Configured a Remote User VPN L2TP network on the gateway, which directs the user control to the VPN server in the LAN.
  • Connecting to the VPN using Windows Radius VPN settings on my PC to a given IP address: the gateway WAN address.

 

First I tested the VPN using a simple internet router with wifi. The gateway WAN was connected to this simple router and I connected my PC to the router's own wifi. I could then connect my PC with my VPN user through the gateway by pointing at the gateway WAN IP address (in Radius settings).

 

Now, instead, the gateway WAN side is connected to a larger network behind NAT. My question is, where shall I point my PC VPN connection to? The Radius settings need an IP address to point at. I'm pretty lost here. The question is: how do you point the VPN connection to that gateway from an external internet connection, by a public address or how?

1 Accepted Solution

pieterh
VIP

The "larger network using NAT" may be unwilling to make your VPN server accessible, as this bypasses their own security.

Apart from the above, look at the components separately:
- the VPN server
- the radius server
- the authentication server that the radius server is pointing at (the radius itself does not do authentication, it is only an intermediate)

These probably all are local addresses within the LAN?

 

The VPN server needs to be accessible from the "outside"
-> the "larger network using NAT" should map a public IP incoming to the LAN IP of the VPN-server
If your own gateway also performs NAT the configuration is more complex;
then the above should map to your gateway and your gateway should do a second NAT to your LAN addresses.

 

 


Hi pieterh,

Thanks for your reply.  

 

Regarding the VPN server being accessible in the larger network: yes, that is something they have to allow the traffic for, of course. UDP ports 500, 4500 and 1701 should be forwarded to my gateway IP.

 

Correct, all components are placed on the LAN side. Only my gateway has a WAN side and is the VPN server, and it directs the VPN to the LAN side; that is tested to be working on the test setup.

 

You are saying: "the "larger network using NAT" should map a public IP incoming to the LAN IP of the VPN-server"

You mean to the WAN side of my VPN gateway, right? Is this something they have to configure in their (owner of the larger network) router then? Does that mean that you see the WAN side of the gateway as if it was directly connected to the internet? Can you please describe?

 

Do I understand correctly that there is only one gateway involved, and this is the same device as the "VPN gateway"?
Yes, then it should map to the WAN side of the VPN gateway
yes

- the VPN client connects to the public IP

- the external network translates this to the IP of the WAN interface

- the VPN client needs no knowledge of the local IP of the WAN interface

Yes, only one gateway. This is the same device taking care of the VPN connection. This gateway is under my administration.

 

So the "only" thing I need is that my gateway gets mapped a public internet IP address by the larger network provider.

 

 

 

Yes, as far as I can tell from the info in the posts

Thanks! Appreciate the help.
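
The mapping discussed in this thread, written out as an added example that is not from any participant: it assumes the larger network's edge router is a Linux machine running nftables. The interface name and all addresses are constructed placeholders; the VPN client would point at `public_ip`.

```nft
#!/usr/sbin/nft -f
# Added example with constructed values; nothing here comes from the thread
# except the three UDP ports it lists (500, 4500, 1701).

define wan_if    = "eth0"         # edge router's internet-facing interface (assumed name)
define public_ip = 203.0.113.10   # public address the VPN client dials (RFC 5737 placeholder)
define gw_wan_ip = 192.168.50.2   # WAN-side address of the VPN gateway inside the larger network (placeholder)

table ip l2tp_vpn {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # IKE (500) and IPsec NAT traversal (4500): rewrite the public
        # destination to the gateway's WAN address. The client never
        # needs to know gw_wan_ip.
        iifname $wan_if ip daddr $public_ip udp dport { 500, 4500 } dnat to $gw_wan_ip

        # L2TP (1701), as listed in the thread. With NAT traversal the L2TP
        # session travels inside the UDP 4500 encapsulation, so this rule
        # can be removed if the tunnel still comes up without it; that
        # keeps unencrypted L2TP from being reachable from the internet.
        iifname $wan_if ip daddr $public_ip udp dport 1701 dnat to $gw_wan_ip
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # After DNAT the destination is gw_wan_ip. Admit new flows only on
        # the VPN ports; replies to connections the gateway opened itself
        # are not "new" and fall through untouched.
        iifname $wan_if ip daddr $gw_wan_ip udp dport { 500, 4500, 1701 } ct state new accept

        # Any other new inbound flow aimed at the gateway is logged and
        # dropped, so the mapping exposes the VPN service and nothing else.
        iifname $wan_if ip daddr $gw_wan_ip ct state new log prefix "vpn-gw-drop " drop
    }
}
```

If the VPN gateway itself also performs NAT toward the LAN, the same kind of mapping is repeated there as the second translation mentioned in the accepted solution.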
