What Ports/Protocols to map through NAT for VPN Concentrator?

jeffrey.girard · ‎09-03-2008

I have a VPN concentrator behind a NAT router (model 2621XM). The VPN concentrator is at the edge of my lab network. While travelling, I want to be able to use a VPN Client on a Windows box to traverse my NAT router and connect to my VPN concentrator so that I can then access my lab network remotely. I now that I need to create a static NAT translation in my IOS router. What ports/protocols do I need to statically map?

Jeff

Marwan ALshawi · ‎09-03-2008

esp, udp 500 or isakmp, udp 4500

good luck

if helpful Rate

jeffrey.girard · ‎09-09-2008

OK, I statically mapped through my NAT esp, udp 500 and udp 4500. Still nothing. The VPN client attemps to connect and then reports Reason 412: The remote peer is no longer responding.

I have attached the config from my NAT router and the log from the VPN client as well as the output as debug IP nat as I ran a connection attempt. I have set the VPN client to: Enable Transparent Tunneling and using IPSec over UDP (NAT/PAT). I have checked the log of the VPN concentrator and it does not appear that any connection attempt is being made - hence I dont think that I am making it through the NAT correctly.

Jeff

singhsaju · ‎09-04-2008

Hello,

Note: that you will need one single dedicated ip for esp as it has no ports .

HTH

Saju