Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
378
Views
0
Helpful
1
Replies

site to site VPN, 1 side behind NAT with no port forwarding

p3tter123
Level 1
Level 1

ā€Ž08-10-2016 01:25 AM

Hi, I need some configuration help.

I have 1 router directly connected to internet, this will function as a VPN server and NAT to behind devices.

Router nr. 2 will be behind another NAT router. I want this router to connect to the VPN server as a client.

I dont have any control over the external NAT Router.

I need help for both routers to configure this :) 

<---Inside---VPNROUTER--->outside-----INTERNET-----<OUTSIDE---NAT ROUTER-----INSIDE>-------<VPN Client Router>

Labels:
0 Helpful
1 Reply 1

Terence Payet
Level 1
Level 1

ā€Ž08-15-2016 11:46 PM

Hi,

If you are building a site to site VPN across the internet. You will need a public ip address on both devices.

For the VPNROUTER its ok, cause it is directly connected to the internet and am assuming a static public ip address is configured.

As for the VPN Client, since it is behind a NAT router, there's some additional config which needs to be configured on the NAT Router in order to bring up the tunnel.

So basically you will need to gain access to the NAT router.

HTH.

Please rate helpful post.

Regards,

Terence

0 Helpful
Customers Also Viewed These Support Documents