VPN s2s tunnel after PAT and NAT on non-cisco

grzegorzniecka
Level 1

Hello!

I have a Cisco 1711. On the LAN there is a ZYXEL firewall. I have tried to establish an s2s tunnel between this LAN Zyxel and another Zyxel on the other side with WAN.

cisco:

interface Serial0

description Polaczenie do Internetu$FW_OUTSIDE$

bandwidth 2048

ip address 80.50.92.xxx 255.255.255.252

...

ip nat pool PAT 213.77.105.248 213.77.105.252 prefix-length 29

...

ip nat inside source static 192.168.0.199 213.77.105.xxx extendable

ZYXEL is LAN 192.168.0.199 and NATed to 213.77.105.xxx

My question is:

Is there a possibility to establish an s2s tunnel with a host in the LAN that is NATed to a WAN address as above?

3 Replies

ybtheneonet
Level 1

So you're saying that your configuration is:

Zyxel (LAN) -> 1711 -> Zyxel (WAN), and you want to establish an l2l VPN tunnel between the LAN and WAN Zyxel firewalls, and you're NATting the LAN Zyxel firewall to a WAN address?

If yes, then your answer is: yes, you can do a VPN, but using NAT-Traversal. It's a technology where the IKE ports of the initiator and the responder are changed from their default value of 500 to 4500 in order to support NAT devices working in-between the VPN. If your Zyxel firewall supports NAT-T then there's a good chance this will work.

Thanks for your kind reply.

On the Zyxel VPN configuration screen I can "tick" the option "NAT Traversal" (now it is unticked), but there are no additional configuration options.

Shall I perform additional configuration on the 1711 to support NAT-Traversal on the Zyxel?

Yeah, try checking that option on the Zyxel firewall. On the 1711 there are no configurations required, just do the usual NAT. See if that works.
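
To check from a packet capture whether the NAT-T option discussed in this thread actually took effect, the following added example (not part of the original thread, and not Cisco or Zyxel code) classifies UDP payloads between the two peers using the RFC 3948 framing: four zero bytes before IKE on port 4500, a single 0xFF keepalive byte, and otherwise ESP carried in UDP. The function names and the sample capture are hypothetical and constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero bytes precede IKE on UDP 4500

def classify(src_port, dst_port, payload):
    """Label one UDP payload exchanged between the two VPN peers."""
    ports = {src_port, dst_port}
    if NATT_PORT in ports:
        if payload == b"\xff":
            return "nat-keepalive"  # single 0xFF byte keeps the NAT mapping open
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt"  # IKE after the peers floated to port 4500
        if len(payload) >= 8:
            spi, seq = struct.unpack("!II", payload[:8])
            return f"esp-in-udp spi=0x{spi:08x} seq={seq}"
        return "malformed"
    if IKE_PORT in ports:
        return "ike"  # plain IKE, before or without NAT detection
    return "other"

def natt_status(packets):
    """Summarise a capture given as (src_port, dst_port, payload) tuples."""
    kinds = [classify(*p) for p in packets]
    floated = "ike-natt" in kinds
    esp = any(k.startswith("esp-in-udp") for k in kinds)
    if floated and esp:
        return "NAT-T active, ESP-in-UDP flowing"
    if floated:
        return "NAT-T negotiated, no ESP seen yet"
    if "ike" in kinds:
        return "IKE on 500 only, NAT-T not in use"
    return "no IKE seen"

# Constructed sample capture (not real traffic).
SAMPLE = [
    (500, 500, bytes(28)),
    (4500, 4500, NON_ESP_MARKER + bytes(28)),
    (4500, 4500, b"\xff"),
    (4500, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(*pkt))
    print(natt_status(SAMPLE))
```

If the summary stays at "IKE on 500 only" with the option ticked on both Zyxels, the capture point on either side of the 1711 shows whether UDP 4500 is reaching the static NAT address at all.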