Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
0
Helpful
4
Replies

VPN configuration for overlapping networks

admin_2
Level 3
Level 3

‎03-10-2004 01:42 PM - edited ‎02-21-2020 01:04 PM

I have the following scenario:

Client-->Cable/DSL Router-->Internet--->Company Router-->PIX--Internal Network

1. The client network address is 192.168.1.x.

2. The Cable router is receiving an address from the ISP and performing NAT.

3. The Company router and PIX have external addresses.

4. The internal network is 192.168.1.x.

5. The PIX is performing NAT and PAT.

The problem is as follows:

I can connect the 4.0 VPN client to the PIX/VPN and authenticate and establish the tunnel. However, I am unable to access any resources. I am pretty sure that this problem arises because the client machine is looking locally for the address of our Exchange(i.e.192.168.1.14) server rather than going across the VPN.

If I change the Client side address to 192.168.2.x, I am able to connect to all resources.

Will using the "isakmp nat-traversal" command solve this problem? Changing the settings at home is no problem. However, on the road, most hotels, i.e Marriott, use private address of 192.168.1.x and this causes a lot of problems.

Thanks.

Labels:
0 Helpful
4 Replies 4

owillins
Level 6
Level 6

‎03-16-2004 04:18 PM

During NAT-T negotiations, both the IPSec peers negotiate the UDP ports and also determine if they are behind a NAT/PAT device. NAT-T autodetects any NAT devices, and only encapsulates IPSec traffic when necessary. This feature is used to addresses the known incompatibilities between NAT and IPSec. Using this should help in your case.

0 Helpful

Not applicable
In response to owillins

‎04-13-2004 12:50 PM

Unfortunately, this does not seem to be the answer.

I have checked the Transparent Tunneling box for "IPSec over UDP NAT/PAT" on the client's Transport Tab. This did not work either. I do not want to involve my consultants or Cisco, if I don't have to. Any ideas?

Tony

0 Helpful

Not applicable

‎04-14-2004 12:27 AM

I also have a similar situation to this, where I have the following scenario:

Client--> Local LAN--> LAN Gateway--> Satellite Broadband-->Internet--->Company Router--> Internal Network

The problem is also as follows:

I can connect the 4.0 VPN client to the VPN and authenticate and establish the tunnel. However, I am unable to access any resources.

Cannot PIN my Exchange or other services at the Company etc...

Any help on this or ????

PS: My Local LAN has a Proxy Server - ComTun 4.5a which I go through with NAT et al

0 Helpful

support
Level 1
Level 1
In response to

‎09-21-2004 11:53 PM

Have you got any solution to the problem mentioned, i am facing an exactly similar issue at this moment.

Any suggestion in this regard would be appreciated.

Thanks

0 Helpful
Customers Also Viewed These Support Documents