Title: How to configure IPsec VPN with NAT Traversal on firewall?
Author: zhangqiao@ruiji
Time: 2024-11-28 10:23
Service Demands
In a scenario of IPsec VPN with NAT traversal, static NAT (SNAT) needs to be deployed for Spoke A to initiate a connection with the hub site, and dynamic NAT (DNAT) needs to be deployed for the hub site. Figure shows the typical networking diagram.
Restrictions and Guidelines
In IPsec, the default port that supports NAT traversal is UDP port 4500. A custom port is not supported.
Prerequisites
You have completed basic network configurations, including interface IP address and routing information on routers and servers.
Using a Configuration Wizard
Configuring the Hub Site
(1) Perform basic configuration.
(a) Choose Network > IPsec VPN > Config Wizard. The basic configuration page of the configuration wizard is displayed.
(b) Set Scenario to Point-to-Multipoint, and set the other parameters according to the following figure.
(c) After completing the configuration, click Next.
(2) Configure authentication.
(a) Configure parameters according to the following figure.
(b) After completing the configuration, click Next.
(3) Configure interesting traffic.
(a) Click Create. Configure parameters for interesting traffic according to the following figure.
(b) After completing the configuration, click Next.
(4) Verify configuration.
(a) After verifying the configuration, click Finish.
Configuring Spoke A
(1) Perform basic configuration.
(a) Choose Network > IPsec VPN > Config Wizard. The basic configuration page of the configuration wizard is displayed.
(b) Set Scenario to Point-to-Point, and set the other parameters according to the following figure.
(c) After completing the configuration, click Next.
(2) Configure authentication.
(a) Configure parameters according to the following figure.
(b) After completing the configuration, click Next.
(3) Configure interesting traffic.
(a) Click Create. Configure parameters for interesting traffic according to the following figure.
(b) After completing the configuration, click Next.
(4) Verify configuration.
(a) After verifying the configuration, click Finish.
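Once both wizards are finished, a packet capture between Spoke A and the hub site can confirm that the tunnel really runs over UDP port 4500, the fixed NAT traversal port named under Restrictions and Guidelines. The following Python is an added example, not part of the original post and not Ruijie code: it classifies UDP payloads using the RFC 3948 framing (non-ESP marker, UDP-encapsulated ESP, NAT keepalive). The function names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500                          # fixed NAT-T port; custom ports are not supported
IKE_HDR = struct.Struct("!8s8sBBBBII")     # 28-byte IKE header (RFC 7296)
NON_ESP_MARKER = b"\x00\x00\x00\x00"       # prefixes IKE messages on port 4500


def classify(src_port, dst_port, payload):
    """Return (kind, detail) for one UDP datagram, using RFC 3948 framing."""
    if NAT_T_PORT not in (src_port, dst_port):
        return ("not-nat-t", None)
    if payload == b"\xff":
        return ("nat-keepalive", None)     # 1-byte packet that keeps the NAT mapping alive
    if len(payload) < 8:
        return ("malformed", None)
    if payload[:4] == NON_ESP_MARKER:      # IKE follows the marker
        if len(payload) < 4 + IKE_HDR.size:
            return ("malformed", None)
        _ispi, _rspi, _np, ver, exch, _flags, _mid, length = IKE_HDR.unpack(
            payload[4:4 + IKE_HDR.size])
        if length != len(payload) - 4:     # header length must match the datagram
            return ("malformed", None)
        return ("ike", {"version": ver >> 4, "exchange_type": exch})
    spi, seq = struct.unpack("!II", payload[:8])   # nonzero SPI: ESP inside UDP
    return ("esp-in-udp", {"spi": spi, "seq": seq})


def summarize(packets):
    """Count datagram kinds; ESP-in-UDP on 4500 means NAT-T is in use."""
    return Counter(classify(*p)[0] for p in packets)


def _ike(exchange_type):
    # Constructed header-only IKEv2 message (version 0x20, length 28).
    hdr = IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8, 0, 0x20, exchange_type, 0x08, 1, 28)
    return NON_ESP_MARKER + hdr


# Constructed sample: source port 61234 stands in for the port chosen by the NAT device.
SAMPLE = [
    (61234, 4500, _ike(35)),                                        # IKE_AUTH
    (61234, 4500, b"\xff"),                                         # keepalive
    (61234, 4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 32),  # ESP
    (500, 500, b"\x00" * 28),                                       # not on 4500
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(*pkt))
    print(dict(summarize(SAMPLE)))
```

If a capture shows only IKE on port 4500 and no ESP-in-UDP after traffic is sent across the tunnel, check that UDP 4500 is permitted end to end through the NAT devices.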