need to configure ipsec VPN tunnel with policy NAT

LeeR
DD-WRT Novice


Joined: 10 Dec 2009
Posts: 2

Posted: Thu Dec 10, 2009 14:40    Post subject: need to configure ipsec VPN tunnel with policy NAT
Help! Just got the following info today and need to have it working by tomorrow or have our Linksys WRT54G, running DD-WRT v24-sp1 replaced with a high-dollar, externally managed Cisco device. Any help you can give as far as how to configure would be much appreciated!!!

Peer address 75.32.90.130
Encryption Method: 3DES
Hash Method: SHA 1
DH group 2
Authentication is pre-share and your key is: xxxxx
Your only host address will be 10.0.0.47/32
Aggressive Mode: No
Subnet key negotiation: Disabled
Perfect Forward Secrecy: Disabled
Security Association (SA) Timers:
Renegotiate IKE SA every 86,400 seconds
Renegotiate IPSec SA every 28,800 seconds
jmounts79
DD-WRT User


Joined: 20 Sep 2007
Posts: 218

Posted: Thu Dec 10, 2009 15:11    Post subject:
You didn't specify what kind of VPN though, CLIENT or SITE to SITE.

Site to Site will require something on the other end that can talk to OpenVPN for it to work (e.g. watchguard/netscreen), and for a client you will need the OpenVPN client software on every machine that will come in on the IKE_VPN tunnel.

And when you say that supports NAT, I have to ask why?

Normally you'd just terminate the VPN connections to your LAN or a 2nd interface and route that to your LAN. Throwing NAT into the VPN becomes messy and normally would only be used if you needed to host services at the other end of the VPN using a 1 to 1 NAT>VPN setup.
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7632

Posted: Thu Dec 10, 2009 15:20    Post subject: Re: need to configure ipsec VPN tunnel with policy NAT
LeeR wrote:
Help! Just got the following info today and need to have it working by tomorrow or have our Linksys WRT54G, running DD-WRT v24-sp1 replaced with a high-dollar, externally managed Cisco device.


I would go for the high-dollar Cisco device; your chance of getting the WRT54G running tomorrow if you have not set up an ipsec VPN tunnel on it before is quite slim.

The WRT54G comes in many versions, some of them with a very limited amount of program memory.
The first thing you should check is if there is a dd-wrt version with VPN that fits in your router.
You are also running an ancient and buggy version of dd-wrt now, so you will have to upgrade to a more recent build.

_________________
Kernel panic: Aiee, killing interrupt handler!
jmounts79
DD-WRT User


Joined: 20 Sep 2007
Posts: 218

Posted: Thu Dec 10, 2009 16:05    Post subject:
NEVER suggest Cisco.

If he wants a painless VPN solution, Watchguard is the way to go. He can get a core/peak and an Edge, and setting up a VPN site to site will take less than 30 seconds after the routers are up and running.

And the price would be 1/3 of that of a Cisco ASA type device.
LeeR
DD-WRT Novice


Joined: 10 Dec 2009
Posts: 2

Posted: Thu Dec 10, 2009 16:29    Post subject:
It is site to site. From our side, we will be the one accessing services available at the other end. Not sure why they need policy based NAT, but they say it is a requirement.
jmounts79
DD-WRT User


Joined: 20 Sep 2007
Posts: 218

Posted: Thu Dec 10, 2009 18:04    Post subject:
Site to site is easy enough to set up.

But since there are services you need to access at the other side, before continuing, you should let us know what they are.

There are some services that will NOT work over a NAT-based IKE VPN, such as services that work on layer 2 broadcasts. VoIP services such as conference calls and LAMP notifications for voicemail are one example.

What is the device at the other end? We know that your side is a DD-WRT router (running VPN, I hope). Remember I said that the other side needs to be able to talk to OpenVPN for this to work.
vexas
DD-WRT Novice


Joined: 02 Oct 2008
Posts: 2

Posted: Sun Feb 21, 2010 18:20    Post subject: Watchguard to OPENvpn DD-wrt....
Hey,

Anyone got a link to connect a Watchguard with the OPEN VPN site to site?

Or can give me a quick tutorial?

I have done pptp between the two devices, but not anything else.

Thanks in advance.