The VPN concentrator is connected to the Internet through the Speedstream ADSL router. This ADSL router is doing NAPT. How should I configure IPsec in the 3005 to work through the NAPT device? I was thinking of using IPsec over UDP. Which ports should be opened in the ADSL router to allow IPsec traffic over UDP/TCP in and out? Could you show me an example configuration?
I am afraid that the Concentrator cannot be put behind a NAT/NAPT device. As far as I know, the option of IPSec over UDP or IPSec over TCP is for a VPN Remote Client (Software or Hardware) to be able to pass through a NAT/NAPT device and terminate a VPN tunnel to the Concentrator. These options are not for a Concentrator behind a NAT device. Correct me if I am wrong.
Engel is correct. It cannot be placed behind a NAT/NAPT device. You will need to remove the NAT/NAPT translation on the Efficient Speedstream on the LAN side. I am running the same thing but am using a Cisco IOS with 3DES for VPN with a Speedstream 5861. If all the Speedstreams are the same, telnet into the LAN of the Speedstream, then type in:
#REM SETIPTRANSLATE OFF INTERNET <--disables NAT
#ETH IP ADDR <--makes the LAN IP the same as the WAN IP.
Or you can call Efficient to verify the settings are the same for your model. Hope this helps.
So as I have understood, I have to disable NAT, but if I assign the public IP address to the Ethernet interface, which address do I assign to the concentrator? I think it would be easier to configure the Speedstream as a modem. Do you know something about this?
I don't know anything about configuring a Speedstream modem, but do you get a dynamic or static IP from your ISP? If you get a dynamic one from your ISP, you might want to get a static IP so that if you can get a pool of 6 public IPs ( /29 ), you can configure 1 IP for the Speedstream router and another IP for the Cisco Concentrator.