Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
1
Replies

IPSEC through NAT

g.raymakers
Level 1
Level 1

‎03-12-2003 07:49 AM - edited ‎02-21-2020 12:24 PM

I need to setup an IPSEC session between two routers that can 'see'

eachother though a NAT router.

R1 --------- NAT ----------- R2

The IP addresses of both routers are statically NAT'ed.

From R1' point of view:

R1 = 10.1.1.1, R2 = 10.1.1.2

set peer on R1 = 10.1.1.2

From R2' point of view:

R2 = 172.18.1.1, R1 = 172.18.1.2

set peer on R2 = 172.18.1.2

Would the following transform-set work : esp-3des esp-md5-hmac between the two routers and through the NAT device?

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎03-12-2003 04:43 PM

Yep, that should work, as long as it's a one-to-one mapping and you point the peer to the NAT address (or the address that each uses to see each other).

Just don't use an AH transform cause that doesn't work thru a NAT device cause it checks the entire packet, including the source/dest IP address, and if this changes in between the two then it'll fail.

0 Helpful
Customers Also Viewed These Support Documents