Solved: easy vpn through nat

danny.carroll · ‎12-13-2010

Is there any trick to get users to connect to a easy vpn server through their home router (ie dlink with nat).

There must be a way with cisco. I know it's possible with other software i've used.

thanks

Dan

Jennifer Halim · ‎12-13-2010

yes, for outbound connection from your vpn client through dlink, it should be ok.

If you have firewall configured on your dlink, this is where you would need to allow UDP/500 and UDP/4500 outbound.

View solution in original post

Jennifer Halim · ‎12-13-2010

Firstly, you would need to enable NAT-T (NAT traversal) on the ezvpn server. This will allow the ESP packet be encapsulated into UDP/4500 which will pass through NAT routers.

On NAT routers, you would need to allow UDP/500 and UDP/4500. Hope that helps.

Some head-end (VPN3000 Concentrator for example) can encapsulate ESP into UDP/10000, or TCP/10000, so you would need to check the headend on what it defaults or if it is configured to be encapsulated into specific ports.

Hope that helps.

danny.carroll · ‎12-13-2010

ok. I'll try it out. I was confused and though it was for users going out through nat on cisco -> to the internet and then to a public address.

Makes sense now

Dan

danny.carroll · ‎12-13-2010

Will i be able to perform the connection without enabling 4500 on the dlink router.

ie

user -> dlink(nat) -> internet -> easy vpn server

Jennifer Halim · ‎12-13-2010

yes, for outbound connection from your vpn client through dlink, it should be ok.

If you have firewall configured on your dlink, this is where you would need to allow UDP/500 and UDP/4500 outbound.

danny.carroll · ‎12-22-2010

Thanks for the info. Worked like a charm.