RVS4000 VPN tunnel behind NAT?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by irodrigo, Apr 9, 2008.

  1. irodrigo

    irodrigo Addicted to LI Member

    Hi. I've searched and searched and haven't found a definitive answer.

    Can two RVS4000s establish a VPN tunnel if they are both behind NAT gateways (e.g. a couple of WRT54Gs)? If so, what ports need to be forwarded at said gateways to enable this?

    I've heard talk of enabling the DMZ setting in at least one of the WRT54Gs, but I really would like to only forward the necessary ports for each. Is this even possible in any way?

    If not, can I at least do this if only one of them is behind said gateway, and which ports would I need to forward in that case?

    Thanks so much! :)
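The thread never spells out which UDP ports carry IPsec once an endpoint sits behind NAT, so here is an added example (not code from the thread, from Cisco, or from the RVS4000 firmware) that classifies the datagrams a NAT gateway such as a WRT54G would see from an IPsec peer. It relies on standard facts rather than anything RVS4000-specific: IKE normally uses UDP 500; when NAT is detected, IKE and ESP move to UDP 4500 (NAT-T, RFC 3948), where IKE messages carry a four-byte zero "non-ESP marker" and UDP-encapsulated ESP starts with its non-zero SPI; ESP without NAT-T is IP protocol 50 and has no port numbers at all. The sample datagrams, SPIs and helper names are constructed for the example.

```python
"""Classify IPsec-related UDP datagrams as seen by a NAT gateway.

Added example for the RVS4000-behind-NAT question; not the router's code.
Assumed facts (RFC 2408/7296 for the IKE header, RFC 3948 for NAT-T):
  * IKE runs on UDP 500; after NAT detection both IKE and ESP use UDP 4500.
  * On UDP 4500 an IKE message is prefixed with a 4-byte zero marker, while
    UDP-encapsulated ESP begins directly with its SPI, which is never zero.
  * Native ESP is IP protocol 50 and carries no ports, so a port-forward
    rule alone cannot deliver it to a host behind NAT.
"""
import struct

IKE_PORT = 500
NATT_PORT = 4500
ESP_PROTO = 50              # documented for completeness; not a UDP port
NON_ESP_MARKER = b"\x00\x00\x00\x00"
IKE_HEADER_LEN = 28         # fixed IKE header: 2 SPIs + 4 bytes + msg id + length


def parse_ike_header(payload):
    """Return the fixed IKE header fields, or None if the payload is too short."""
    if len(payload) < IKE_HEADER_LEN:
        return None
    i_spi, r_spi, next_pl, ver, exch, flags, msg_id, length = struct.unpack(
        "!QQBBBBII", payload[:IKE_HEADER_LEN])
    return {
        "initiator_spi": i_spi,
        "responder_spi": r_spi,
        "major_version": ver >> 4,
        "exchange_type": exch,
        "message_id": msg_id,
        "length": length,
    }


def classify_udp(dst_port, payload):
    """Label one UDP datagram: ike, ike-natt, esp-udp, malformed or other."""
    if dst_port == IKE_PORT:
        hdr = parse_ike_header(payload)
        return ("ike", hdr) if hdr else ("malformed", None)
    if dst_port == NATT_PORT:
        if payload[:4] == NON_ESP_MARKER:
            # Non-ESP marker present: an IKE message tunnelled over 4500.
            hdr = parse_ike_header(payload[4:])
            return ("ike-natt", hdr) if hdr else ("malformed", None)
        if len(payload) >= 8:
            # No marker: UDP-encapsulated ESP (SPI, sequence number, ...).
            spi, seq = struct.unpack("!II", payload[:8])
            return ("esp-udp", {"spi": spi, "seq": seq})
        return ("malformed", None)
    return ("other", None)


def build_ike_header(i_spi, r_spi, exchange_type, msg_id,
                     major=1, minor=0, next_payload=1, flags=0,
                     length=IKE_HEADER_LEN):
    """Constructed IKE header (hypothetical helper used only for the sample data)."""
    return struct.pack("!QQBBBBII", i_spi, r_spi, next_payload,
                       (major << 4) | minor, exchange_type, flags, msg_id, length)


# Constructed sample traffic: (destination UDP port, payload bytes).
SAMPLE_DATAGRAMS = [
    # IKEv1 main mode first message on UDP 500 (responder SPI still zero).
    (500, build_ike_header(0x1122334455667788, 0, 2, 0)),
    # IKEv1 quick mode on UDP 4500 after NAT was detected (non-ESP marker first).
    (4500, NON_ESP_MARKER + build_ike_header(0x1122334455667788,
                                             0x99AABBCCDDEEFF00, 32, 1)),
    # UDP-encapsulated ESP: SPI 0xC0FFEE01, sequence 7, then opaque payload.
    (4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16),
    # Truncated datagram on 4500: marker present but no full IKE header.
    (4500, b"\x00\x00\x00\x00\x01"),
    # Unrelated traffic (DNS).
    (53, b"\x12\x34"),
]


def gateway_forward_summary(datagrams):
    """Return the (proto, port) forwards a NAT gateway needs for the IPsec traffic seen."""
    needed = set()
    for port, payload in datagrams:
        kind, _ = classify_udp(port, payload)
        if kind == "ike":
            needed.add(("udp", IKE_PORT))
        elif kind in ("ike-natt", "esp-udp"):
            needed.add(("udp", NATT_PORT))
    return sorted(needed)


if __name__ == "__main__":
    for port, payload in SAMPLE_DATAGRAMS:
        print(port, classify_udp(port, payload))
    print("forwards needed:", gateway_forward_summary(SAMPLE_DATAGRAMS))
```

Run on the constructed samples, the summary comes out as UDP 500 and UDP 4500, which is the pair of port-forwards a gateway in front of an IPsec endpoint would need for the IKE exchange and for NAT-T encapsulated ESP. Native ESP (protocol 50) cannot be expressed as a port-forward at all, which is why whether both routers actually negotiate NAT-T (the behaviour the release note's known issue #4 is about) decides the outcome, not the forwarding rules alone.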
  2. vpnuser

    vpnuser LI Guru Member

    There is a known issue with NAT Traversal - see item #4.

    RVS4000 Firmware v1.1.14 Release Note

    Issues Fixed:

    1. Fixed an IPSec VPN tunnel issue, where a tunnel cannot be established when both ends use DDNS for WAN connection.
    2. Fixed a firewall issue with ports 23 and 5190.
    3. Passed Vista Logo tests.

    Known Issues:

    1. QuickVPN Client v1.2.5 or newer, when running on Windows Vista, cannot connect to the RVS4000 or WRVS4400N when Vista is behind a Network Address Translation (NAT) device. The problem does not occur with the QuickVPN Client running on Windows XP or 2000. This was caused by a change in Windows OS behavior. For more information, please see http://support.microsoft.com/kb/944335/en-us.

    2. There is a known issue with the Windows XP SP2 Firewall: ICMP packets are always dropped by the Firewall when the Firewall is enabled. The issue prevents the QuickVPN Client from establishing a tunnel with the remote QuickVPN Server. Microsoft has released a patch to fix this issue. Once you install the patch, the issue should be resolved.

    3. Saving the configuration of port forwarding or port triggering rules will cause the router to restart the firewall module, which can cause a temporary lockup of the router for 10-15 sec.

    4. RVS4000 behind a NAT device cannot establish an IPSec tunnel with another RVS4000.
    5. The IPv6 NAPT-PT feature does not work, which prevents IPv6 hosts from accessing IPv4 resources on the internet. Users are advised to use 6to4 when there are IPv6 hosts in the LAN.
    6. QoS Rate Control has no effect.
    7. DHCP Relay is not supported when multiple VLANs are created.
    8. There exist some issues with SIP ALG, which may cause one-way audio problems.
  3. irodrigo

    irodrigo Addicted to LI Member

    Thanks vpnuser. That is very helpful. I suppose then that this will work if at some point they decide to fix this issue; it's not a limitation of the protocols being used or anything. Thanks for the info.
  4. kkanakis

    kkanakis Guest

    WRVS4400N Tunnel Probs

    I have 2 '4400's connecting via Internet (Branch to Corp). I have UP/UP on the VPN. One side is a clean Internet connection / the other is internet through a firewall DMZ. Again, VPN reports up/up on both 4400's. I can ping across one way, and it's hit/miss. I think it's a configuration of my Corp VLANs that keeps me from pinging the LAN I need. Any thoughts?

    BTW, a plain VPN tunnel of straight internet (Cox) to internet (Cox) [branch to branch] works perfectly and can map drives and see all nodes... so the concept works... I just have something blocking me somewhere...

    Thanks in advance...