Prestige 652H/HW Series User’s Guide
16-6 VPN Screens
If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep
alive enabled, then no other tunnels can take a turn connecting to the Prestige because the Prestige never
drops the tunnels that are already connected. Check section 1.2 Features of the Prestige in chapter 1 to see
how many simultaneous IPSec SAs your Prestige model can support.
When there is outbound traffic with no inbound traffic, the Prestige automatically
drops the tunnel after two minutes.
16.7 NAT Traversal
NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec
routers.
Figure 16-3 NAT Router Between IPSec Routers
Normally you cannot set up a VPN connection with a NAT router between the two IPSec routers because the
NAT router changes the header of the IPSec packet. In the previous figure, IPSec router A sends an IPSec
packet in an attempt to initiate a VPN. The NAT router changes the IPSec packet’s header so it does not
match the header for which IPSec router B is checking. Therefore, IPSec router B does not respond and the
VPN connection cannot be built.
NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NAT router
forwards the IPSec packet with the UDP port 500 header unchanged. IPSec router B checks the UDP port
500 header and responds. IPSec routers A and B build a VPN connection.
16.7.1 NAT Traversal Configuration
For NAT traversal to work you must:
Use ESP security protocol (in either transport or tunnel mode).
Use IKE keying mode.
Enable NAT traversal on both IPSec endpoints.
In order for IPSec router A (see the figure) to receive an initiating IPSec packet from IPSec router B, set the
NAT router to forward UDP port 500 to IPSec router A.
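Why ESP is required can be seen in a simplified model (an added example, not taken from the guide or from the Prestige firmware): AH's integrity check covers the outer IP addresses, so the NAT router's address rewrite invalidates it, while ESP's check covers only the ESP data carried inside the UDP port 500 header. The key, addresses, SPI and the dictionary packet layout are constructed for illustration and are not real packet formats.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed sample key, not from the guide

def icv(data: bytes) -> bytes:
    """Truncated HMAC standing in for the negotiated integrity algorithm."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def addr(a: str) -> bytes:
    return ipaddress.IPv4Address(a).packed

def build_ah(src, dst, payload):
    # AH authenticates the outer IP addresses together with the payload.
    return {"src": src, "dst": dst, "payload": payload,
            "icv": icv(addr(src) + addr(dst) + payload)}

def verify_ah(pkt):
    # Router B recomputes the check over the header it actually received.
    expected = icv(addr(pkt["src"]) + addr(pkt["dst"]) + pkt["payload"])
    return hmac.compare_digest(expected, pkt["icv"])

def build_esp_udp(src, dst, spi, seq, payload):
    # ESP authenticates only its own header and payload; the outer IP header
    # and the UDP port 500 wrapper added for NAT traversal are not covered.
    esp = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return {"src": src, "dst": dst, "udp": (500, 500), "esp": esp, "icv": icv(esp)}

def verify_esp(pkt):
    return hmac.compare_digest(icv(pkt["esp"]), pkt["icv"])

def nat_rewrite(pkt, public_src):
    """What the NAT router does: replace the private source address."""
    out = dict(pkt)
    out["src"] = public_src
    return out

def run_demo():
    # Constructed addresses: router A (private), NAT router (public), router B.
    a_private, nat_public, b = "192.168.1.33", "203.0.113.10", "198.51.100.20"
    ah = nat_rewrite(build_ah(a_private, b, b"data"), nat_public)
    esp = nat_rewrite(build_esp_udp(a_private, b, 0x1001, 1, b"data"), nat_public)
    return {"ah_valid_at_B": verify_ah(ah), "esp_valid_at_B": verify_esp(esp)}

if __name__ == "__main__":
    print(run_demo())
```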