Re: OT: VPN passthru on a Cisco Router

From: Jay Hennigan (jay@west.net)
Date: Tue Jul 08 2003 - 12:41:12 GMT-3

• Next message: polarccie@yahoo.co.uk: "irb continued ---r1r2"
• Previous message: Adam Asay: "Re: autoinstall over frame"
• Maybe in reply to: Michael Snyder: "OT: VPN passthru on a Cisco Router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Tue, 8 Jul 2003, Michael Snyder wrote:

> I got a work related problem, wondering if anyone could give me a quick
> solution.
>
> Its a new customer, who as bought his own equipment. Now wants someone
> to make it work.
>
> ADSL-->(Public IP)(827 Router)(Private IP)-->(Private IP)(Netscreen
> 5)(Private IP)-->Office LAN
>
> Question, anyway to get the 827 to pass ESP to the netscreen VPN?
>
> I'm guessing it can't.

You'll have an issue with PAT as ESP protocol 50 doesn't function like
TCP or UDP in terms of ports. Your description doesn't indicate if the
827 is doing one-to-one NAT or PAT. It should work with one-to-one NAT.

If there's nothing else on the segment between the 827 and the Netscreen,
consider reconfiguring the 827 to not NAT and let the Netscreen handle
NAT, or at least use one-to-one NAT on the 827.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/

• Next message: polarccie@yahoo.co.uk: "irb continued ---r1r2"
• Previous message: Adam Asay: "Re: autoinstall over frame"
• Maybe in reply to: Michael Snyder: "OT: VPN passthru on a Cisco Router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:28 GMT-3