
Interaction of NAT and IPsec-VPN on vRouter 5600

Hello
I have a question about the interaction of NAT and IPsec-VPN on vrouter 5600.

Regarding the interaction of NAT and IPsec-VPN,
it seems that the specification is different between vrouter 5400 and vrouter 5600 (5.2R5S3),
because the same configuration as on vrouter 5400 didn't work.

In our system,
1. 2 sites are connected through an IPsec VPN tunnel.
2. In both sites users communicate using global IPs, so the vrouter needs to perform both the IPsec-VPN and bidirectional NAT functions.
3. In the vrouter configuration, the IPsec tunnel is defined using the local/prefix setting (not using VTI).

--In case of using vrouter 5400--
When I start communication from the vrouter site to the opposite site, or
when I start communication from the opposite site to the vrouter site, NAT with IPsec VPN works fine.


--In case of vrouter 5600--
When I start communication from the vrouter site to the opposite site,
source NAT works but the packets don't go into the IPsec-VPN tunnel.
When I start communication from the opposite site to the vrouter site,
the packets flow through the IPsec-VPN tunnel but destination NAT doesn't work.

I'm concerned about the specification change from vrouter 5400 regarding the interaction of NAT and IPsec-VPN.
Does anyone have information about this?
Regarding the interaction between NAT, routing and firewall, I know about the specification change
(for example,
http://www1.brocade.com/downloads/documents/html_product_manuals/vyatta/vyatta_5600_manual_321R5/wwhelp/wwhimpl/js/html/wwhelp.htm#href=NAT/NAT%20Overview.2.17.html
).

Thank you.

(athirano1 from Japan)
