Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
0
Helpful
4
Replies

VPN 3005 behind Efficient SpeedStream 5660

nuria.villasenor
Level 1
Level 1

‎08-06-2002 01:52 AM - edited ‎02-21-2020 11:58 AM

Hi,

the vpn concentrator is connected to Internet through the Speedstream ADSL router. This adsl router is doing NAPT. How should I configure IPsec in the 3005 to work through the NAPT device? I was thinking of using IPsec over UDP. Which ports should be opened in the adsl router to allow ipsec traffic over upd/tcp in and out? Could you show me an example configuration?

Thanks in advance,

Nuria

Labels:
0 Helpful
4 Replies 4

engel
Level 2
Level 2

‎08-06-2002 03:18 AM

I am afraid that the Concentrator can not be put behind a NAT/NAPT device. As far as I know, the option of IPSec over UDP or IPSec over TCP is for a VPN Remote Client (Software of Hardware) to be able to pass through a NAT/NAPT device and terminate a VPN tunnel to the Concentrator. These options are not for a Concentrator behind a NAT device. Correct me if I am wrong.

Regards,

Engel

0 Helpful

jliscano
Level 1
Level 1
In response to engel

‎08-06-2002 05:20 AM

Engel is correct. It cannot be placed behind a NAT/NAPT device. You will need to remove the NAT/NAPT translation on the Efficient Speedstream on the LAN side. I am running the same thing but am using a Cisco IOS with 3DES for VPN with a Speedstream 5861. If all the Speedstream's are the same, telnet into the LAN of the Speedstream then type in:

#REM SETIPTRANSLATE OFF INTERNET <--disables NAT

#ETH IP ADDR <--makes the LAN IP the same as the WAN IP.

#SAVE

#REBOOT

Or you can call Efficient to verify the settings are the same for your model. Hope this helps.

Jerome

0 Helpful

nuria.villasenor
Level 1
Level 1
In response to jliscano

‎08-07-2002 12:47 AM

So as i have understood I have to disable NAT, but If I assign the public IP address to the interface ethernet, which address do I assign to the concentrator? I think it would be easier to configure speedstream as modem. Do you know something about this?

0 Helpful

jliscano
Level 1
Level 1
In response to nuria.villasenor

‎08-07-2002 09:48 AM

I dont know anything on configuring a Speedstream modem, but do you get dynamic or static IP from your ISP? If you get dynamic from your ISP, you might want to get static IP so that if you can get a pool of 6 public IP's ( /29 ), you can configure 1 IP for the Speedstream router and another IP for the Cisco Concentrator.

0 Helpful
Customers Also Viewed These Support Documents