Cisco Support Community
New Member

VPN s2s tunnel after PAT and NAT on non-cisco

Hello!

I have a Cisco 1711. On the LAN there is a ZYXEL firewall. I have tried to establish an s2s tunnel between this LAN Zyxel and another Zyxel on the other side, on the WAN.

Cisco:

interface Serial0

description Polaczenie do Internetu$FW_OUTSIDE$

bandwidth 2048

ip address 80.50.92.xxx 255.255.255.252

...

ip nat pool PAT 213.77.105.248 213.77.105.252 prefix-length 29

...

ip nat inside source static 192.168.0.199 213.77.105.xxx extendable

The ZYXEL is on the LAN at 192.168.0.199 and is NATed to 213.77.105.xxx.

My question is:

Is there a possibility to establish an s2s tunnel with a host in the LAN that is NATed to a WAN address as above?

3 REPLIES
New Member

Re: VPN s2s tunnel after PAT and NAT on non-cisco

So you're saying that your configuration is:

Zyxel (LAN) -> 1711 -> Zyxel (WAN), and you want to establish an l2l VPN tunnel between the LAN and WAN Zyxel firewalls, and you're NATting the LAN Zyxel firewall to a WAN address?

If yes, then your answer is: yes, you can do a VPN, but using NAT-Traversal. It's a technology where the IKE ports of the initiator and the responder are changed from their default value of 500 to 4500 in order to support NAT devices working in between the VPN. If your Zyxel firewall supports NAT-T then there's a good chance this will work.

New Member

Re: VPN s2s tunnel after PAT and NAT on non-cisco

Thanks for your kind reply.

On the Zyxel VPN configuration screen I can tick the option "NAT Traversal" (now it is unticked), but there are no additional configuration options.

Shall I perform additional configuration on the 1711 to support NAT-Traversal on the Zyxel?

New Member

Re: VPN s2s tunnel after PAT and NAT on non-cisco

Yeah, try checking that option on the Zyxel firewall. On the 1711 there are no configurations required, just do the usual NAT. See if that works.
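Added example, not part of the thread: how the two IPsec endpoints notice the NAT in the path on their own, which is why the replies above say the 1711 needs nothing beyond its usual NAT, and how traffic on UDP 4500 is then told apart. The hash follows the IKEv2 NAT detection payloads (RFC 7296; IKEv1's NAT-D in RFC 3947 hashes the same inputs with the negotiated hash) and the framing follows RFC 3948. The SPIs and the 203.0.113.10 public address are constructed placeholders.

```python
import hashlib
import ipaddress
import struct

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes IKE messages on UDP 4500
IKE_HEADER_LEN = 28            # fixed ISAKMP/IKE header size


def nat_d_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1(SPIi | SPIr | IP | port), the IKEv2 NAT detection hash."""
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.sha1(spi_i + spi_r + packed).digest()


def nat_detected(sent_hash: bytes, spi_i: bytes, spi_r: bytes,
                 seen_ip: str, seen_port: int) -> bool:
    """Receiver side: recompute over the address the packet arrived from."""
    return sent_hash != nat_d_hash(spi_i, spi_r, seen_ip, seen_port)


def classify_udp4500(payload: bytes) -> str:
    """Demultiplex a UDP 4500 payload as RFC 3948 describes."""
    if payload == b"\xff":
        return "nat-keepalive"
    if payload[:4] == NON_ESP_MARKER:
        return "ike" if len(payload) >= 4 + IKE_HEADER_LEN else "malformed"
    # Anything else is ESP: a non-zero SPI plus a sequence number at minimum.
    return "esp" if len(payload) >= 8 else "malformed"


# Constructed sample values (placeholders, not taken from a real capture).
SPI_I, SPI_R = bytes.fromhex("1122334455667788"), bytes(8)
LAN_IP = "192.168.0.199"        # Zyxel's private address from the post
PUBLIC_IP = "203.0.113.10"      # stand-in for the elided static NAT address

if __name__ == "__main__":
    # The LAN Zyxel hashes its own address; the far end sees the NATed one.
    sent = nat_d_hash(SPI_I, SPI_R, LAN_IP, 500)
    print("NAT on path:", nat_detected(sent, SPI_I, SPI_R, PUBLIC_IP, 500))
    print(classify_udp4500(NON_ESP_MARKER + bytes(IKE_HEADER_LEN)))
```

When the hashes differ, both peers move IKE to UDP 4500 and wrap ESP in UDP, so the router in between only has to translate ordinary UDP.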
