Bidirectional NAT For NMS
On the Router
- Go to VPN.
- Select IPsec.
- Select the green “Add P1” button on the bottom left.
- Select the following settings for the tunnel Phase 1:
  - Key Exchange version: IKEv1
  - Internet Protocol: IPv4
  - Interface: WAN-VIP
  - Remote Gateway: IP of NMS firewall
  - Description: AIS NMS
  - Authentication Method: Mutual PSK
  - Negotiation Mode: Main
  - My identifier: IP Address (the VIP address)
  - Peer identifier: Peer IP Address
  - Pre-Shared Key: Create a new Pre-Shared Key
  - Encryption Algorithm: AES, Hash: SHA256, DH Group: 2 (1024 bit)
  - Lifetime: 28800
  - NAT Traversal: Auto
  - Dead Peer Detection: Enable DPD checked
    - Delay: 10
    - Max failures: 50
- Select the following settings for the tunnel Phase 2:
  - Mode: Tunnel IPv4
  - Local Network: Network / Local Subnet
  - NAT/BINAT translation: Network / Subnet to be used on NMS
  - Remote Network: NMS Network
  - Protocol: ESP
  - Encryption Algorithms: AES
  - Hash Algorithms: SHA256
  - PFS key group: off
  - Lifetime: 86400
  - Automatically ping host: NMS Internal IP
On the NMS Firewall
- Go to VPN.
- Select IPsec.
- Select the green “Add P1” button on the bottom left.
- Select the following settings for the tunnel Phase 1:
  - Key Exchange version: IKEv1
  - Internet Protocol: IPv4
  - Interface: WAN
  - Remote Gateway: IP of client VIP
  - Description: Client Name
  - Authentication Method: Mutual PSK
  - Negotiation Mode: Main
  - My identifier: IP Address of NMS firewall
  - Peer identifier: Peer IP Address
  - Pre-Shared Key: Pre-Shared Key created on client firewall
  - Encryption Algorithm: AES, Hash: SHA256, DH Group: 2 (1024 bit)
  - Lifetime: 28800
  - NAT Traversal: Auto
  - Dead Peer Detection: Enable DPD checked
    - Delay: 10
    - Max failures: 50
- Select the following settings for the tunnel Phase 2:
  - Mode: Tunnel IPv4
  - Local Network: LAN Subnet
  - NAT/BINAT translation: None
  - Remote Network: BINAT network
  - Protocol: ESP
  - Encryption Algorithms: AES
  - Hash Algorithms: SHA256
  - PFS key group: off
  - Lifetime: 86400
  - Automatically ping host: Blank
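The two Phase 2 entries only match if the router's NAT/BINAT subnet is the same size as its local subnet, does not overlap the NMS LAN, and is exactly what the NMS firewall lists as its Remote Network. The following check is an added example, not part of the original procedure; the function names and all addresses are constructed, and it assumes a network-to-network BINAT translates host for host (host bits preserved).

```python
import ipaddress


def check_binat(local_net, binat_net, nms_lan, nms_remote_net):
    """Return a list of problems with a BINAT Phase 2 pair (empty = consistent)."""
    local = ipaddress.ip_network(local_net)
    binat = ipaddress.ip_network(binat_net)
    nms = ipaddress.ip_network(nms_lan)
    remote = ipaddress.ip_network(nms_remote_net)
    problems = []
    # A 1:1 mapping needs the same number of addresses on both sides.
    if local.prefixlen != binat.prefixlen:
        problems.append("BINAT subnet and local subnet have different masks")
    # The translated range must be unique from the NMS point of view.
    if binat.overlaps(nms):
        problems.append("BINAT subnet overlaps the NMS LAN")
    # The NMS side must select traffic for the translated range,
    # not for the client's real LAN.
    if remote != binat:
        problems.append("NMS Remote Network is not the router's BINAT subnet")
    return problems


def translate(host, local_net, binat_net):
    """Address the NMS sees for a host behind the router (assumed 1:1 mapping)."""
    local = ipaddress.ip_network(local_net)
    binat = ipaddress.ip_network(binat_net)
    addr = ipaddress.ip_address(host)
    if local.prefixlen != binat.prefixlen:
        raise ValueError("subnets differ in size, no 1:1 mapping")
    if addr not in local:
        raise ValueError(f"{host} is not in {local_net}")
    offset = int(addr) - int(local.network_address)
    return str(binat.network_address + offset)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    LOCAL, BINAT, NMS_LAN = "192.168.1.0/24", "10.250.7.0/24", "10.0.0.0/24"
    print(check_binat(LOCAL, BINAT, NMS_LAN, BINAT))
    print(translate("192.168.1.50", LOCAL, BINAT))
    # Common mistake: NMS side points at the client's real LAN.
    print(check_binat(LOCAL, BINAT, NMS_LAN, LOCAL))
```

The translated address is the one to poll from the NMS and the one to expect in NMS-side firewall logs.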
Last modified
June 14, 2021