Virtual Router/ Firewall/ VPN


Interaction of NAT and IPsec-VPN on vRouter 5600

Hello,
I have a question about the interaction of NAT and IPsec-VPN on vRouter 5600.

Regarding the interaction of NAT and IPsec-VPN,
it seems that the specification is different between vRouter 5400 and vRouter 5600 (5.2R5S3),
because the same configuration as on vRouter 5400 didn't work.

In our system:
1.  Two sites are connected through an IPsec VPN tunnel.
2.  In both sites users communicate using global IP, so the vRouter needs to perform both the IPsec-VPN and bidirectional NAT functions.
3.  In the vRouter configuration, the IPsec tunnel is defined using the local/prefix setting (not using VTI).

--In case of using vRouter 5400--
When I start communication from the vRouter site to the opposite site, or
when I start communication from the opposite site to the vRouter site, NAT with IPsec VPN works fine.


--In case of vRouter 5600--
When I start communication from the vRouter site to the opposite site,
source NAT works but the packets don't go into the IPsec-VPN tunnel.
When I start communication from the opposite site to the vRouter site,
the packets flow through the IPsec-VPN tunnel but destination NAT doesn't work.

I'm concerned about the specification change from vRouter 5400 regarding the interaction of NAT and IPsec-VPN.
Does anyone have information about this?
Regarding the interaction between NAT, routing, and firewall, I know about the specification change
(for example,
http://www1.brocade.com/downloads/documents/html_product_manuals/vyatta/vyatta_5600_manual_321R5/wwhelp/wwhimpl/js/html/wwhelp.htm#href=NAT/NAT%20Overview.2.17.html
).

Thank you.

(athirano1 from Japan)
