Router to VPN Client with a Preshared Key and NAT

Jul 22,2008 00:00 by admin

Router to VPN Client with a Preshared Key and NAT

Complete the tasks outlined in this Practical Exercise. Also review the Practical Exercise solution to see how you did and to see what concepts you might need to review.

In this Practical Exercise, you are the administrator of a router that will be the terminating endpoint for VPNs from a VPN client.

Background Information

You will configure your router with the following options. Your router will issue the user an IP address from a pool of addresses, wildcard preshared keys, and NAT. This will allow an off-site user to gain access to your network and have an internal IP address, making it appear to the user that he or she is inside your network. Because you are using private addressing, NAT is involved, and your router must be told what to translate and what not to translate. You will use the topology shown in Figure 14-9.

Figure 14-9. Router to VPN Client with a Preshared Key and NAT

Task 1: Verify Compatibility with Existing Access Lists

To run IKE and IPSec, you need to ensure that any existing access lists are compatible with both protocols. Any existing access lists must allow the ports required by IKE and IPSec to pass through them.