VPN s2s tunnel after PAT and NAT on non-cisco

Unanswered Question
May 26th, 2009


I have a Cisco 1711. On the LAN there is a ZYXEL firewall. I have tried to establish an s2s tunnel between this LAN Zyxel and another Zyxel on the other side, on the WAN.


interface Serial0
 description Polaczenie do Internetu$FW_OUTSIDE$
 bandwidth 2048
 ip address 80.50.92.xxx

ip nat pool PAT prefix-length 29

ip nat inside source static 213.77.105.xxx extendable

The ZYXEL is on the LAN and NATed to 213.77.105.xxx.

My question is:

Is there a possibility to establish an s2s tunnel with a host in the LAN that is NATed to a WAN address as above?

ybtheneonet Wed, 05/27/2009 - 02:34

So you're saying that your configuration is:

Zyxel (LAN) -> 1711 -> Zyxel (WAN), and you want to establish an l2l VPN tunnel between the LAN and WAN Zyxel firewalls, and you're NATting the LAN Zyxel firewall to a WAN address?

If yes, then your answer is: Yes, you can do a VPN, but using NAT-Traversal. It's a technology where the IKE ports of the initiator and the responder are changed from their default value of 500 to 4500 in order to support NAT devices working in-between the VPN. If your Zyxel firewall supports NAT-T then there's a good chance this will work.
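
How two IPsec peers notice the NAT device between them before moving IKE to UDP 4500, as an added example that is not part of the original thread: it follows the NAT-D hash check from RFC 3947, HASH(CKY-I | CKY-R | IP | Port). The cookies, the addresses (documentation ranges) and SHA-1 as the negotiated hash are constructed assumptions.

```python
import hashlib
import socket
import struct

def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    # Assumption: SHA-1 stands in for the hash negotiated in the IKE proposal.
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.sha1(data).digest()

def build_nat_d(cky_i, cky_r, own, peer):
    """NAT-D payloads a peer sends: the remote end first, then its own end."""
    return {"remote": nat_d_hash(cky_i, cky_r, *peer),
            "local": nat_d_hash(cky_i, cky_r, *own)}

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver recomputes both hashes from the IP/UDP header it actually saw."""
    return {
        "sender_behind_nat": payloads["local"] != nat_d_hash(cky_i, cky_r, *seen_src),
        "receiver_behind_nat": payloads["remote"] != nat_d_hash(cky_i, cky_r, *seen_dst),
    }

def ike_port(result) -> int:
    """Any mismatch means a NAT is in the path, so IKE floats to UDP 4500."""
    return 4500 if any(result.values()) else 500

# Constructed sample values, not taken from the thread.
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
LAN_PEER = ("192.168.1.2", 500)    # inside address of the LAN firewall
NAT_ADDR = ("203.0.113.10", 500)   # public address the router's static NAT maps it to
WAN_PEER = ("198.51.100.20", 500)  # remote firewall

def simulate(translated: bool):
    """LAN peer sends NAT-D; the WAN peer checks it against the packet header."""
    payloads = build_nat_d(CKY_I, CKY_R, LAN_PEER, WAN_PEER)
    seen_src = NAT_ADDR if translated else LAN_PEER
    result = detect_nat(CKY_I, CKY_R, payloads, seen_src, WAN_PEER)
    return result, ike_port(result)

if __name__ == "__main__":
    for translated in (False, True):
        print("static NAT in path:", translated, "->", simulate(translated))
```

With the static NAT in the path, the source-address hash no longer matches, which is the condition under which both peers continue on UDP 4500 and wrap ESP in UDP.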

grzegorz.niecka Wed, 05/27/2009 - 03:20

Thanks for your kind reply.

On the Zyxel VPN configuration screen I can tick the option "NAT Traversal" (now it is unticked), but there are no additional configuration options.

Shall I perform additional configuration on the 1711 to support NAT-Traversal on the Zyxel?

ybtheneonet Wed, 05/27/2009 - 06:04

Yeah, try checking that option on the Zyxel firewall. On the 1711 there are no configurations required, just do the usual NAT. See if that works.

