Wireless router for site to site VPN tunnel

jenson_button
Oct 26, 2016
Hi Guys,
Any advice would be appreciated. Public IP addresses are limited, so I managed to get a data SIM card which provides me one public IP address at each site. My intention is to set up a site-to-site VPN. I don't want to use the wireless SIM-card router as the termination point for both sites. I have a Juniper FW sitting behind the wireless SIM-card router at both sites, which I want to act as the site-to-site VPN termination point. Any advice on how to do it and a solution?
 
Solution
For some reason I am forgetting everything today. You have to map UDP port 500 I think, so the control stream can set up the session. The passthrough will let the actual encrypted stream through dynamically. You pretty much just set up the session between the 2 actual IPs even though your firewalls have private IPs. You need to run it in NAT-T mode. This is what makes it work through a router; if you set it in strict mode you pretty much must have the firewall directly receiving the IP from the ISP... i.e. it must be your router.
The easiest solution would be to define the firewalls as DMZ devices in each of the routers. You could port map, but the exact ports depend on what protocol you are going to use for the VPN. The routers also likely need to have the VPN transparency option turned on, but most do by default. This is a feature that allows you to pass VPN "protocols" through.

It should be pretty simple if you have public IP addresses. The only thing that will not work is if you try to run IPsec in strict mode, since that will not tolerate the NAT of the data.
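What the NAT-T behaviour described in this answer looks like on the wire, as an added example that is not from the thread: a small decoder for the two UDP ports the wireless router has to forward to the Juniper (500 for IKE, 4500 once NAT-T takes over, per RFC 3948), which a defender can run over a capture to confirm the tunnel really negotiated through the NAT. The sample capture is constructed.

```python
import struct

IKE_PORT = 500     # IKE control channel: the UDP port the router must map to the firewall
NAT_T_PORT = 4500  # once a NAT is detected, IKE and ESP both move here (NAT-T, RFC 3948)

# IKEv2 exchange types (RFC 7296); IKEv1 uses other numbers (2 = main mode, 32 = quick mode)
EXCHANGE_NAMES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def parse_ike_header(data, nat_t):
    """Decode the fixed 28-byte IKE header (same layout for IKEv1 and IKEv2)."""
    if len(data) < 28:
        return {"kind": "unknown"}
    ispi, rspi, _next, version, exch, flags, msg_id, length = struct.unpack("!QQBBBBII", data[:28])
    return {
        "kind": "ike",
        "nat_t": nat_t,
        "initiator_spi": ispi,
        "responder_spi": rspi,
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange_type": exch,
        "exchange": EXCHANGE_NAMES.get(exch, "other"),
        "initiator": bool(flags & 0x08),
        "message_id": msg_id,
        "length_ok": length == len(data),  # mismatch means truncated, or not really IKE
    }

def classify_udp_payload(dst_port, payload):
    """Classify one UDP datagram seen on the IPsec ports the router forwards."""
    if dst_port == IKE_PORT:
        return parse_ike_header(payload, nat_t=False)
    if dst_port != NAT_T_PORT:
        return {"kind": "unknown"}
    if payload == b"\xff":                     # NAT keepalive: keeps the router's UDP mapping alive
        return {"kind": "nat-keepalive"}
    if payload[:4] == b"\x00\x00\x00\x00":     # non-ESP marker: IKE carried inside UDP 4500
        return parse_ike_header(payload[4:], nat_t=True)
    if len(payload) >= 8:                      # otherwise UDP-encapsulated ESP (an ESP SPI is never 0)
        spi, seq = struct.unpack("!II", payload[:8])
        return {"kind": "esp-in-udp", "spi": spi, "seq": seq}
    return {"kind": "unknown"}

def nat_t_in_use(packets):
    """True once IKE or ESP is flowing on 4500, i.e. the peers detected the NAT and switched to NAT-T."""
    return any(p == NAT_T_PORT and classify_udp_payload(p, d)["kind"] in ("ike", "esp-in-udp")
               for p, d in packets)

# Constructed sample capture: an IKEv2 IKE_SA_INIT header (no payloads), then the same tunnel after NAT-T kicks in.
SAMPLE_IKE = struct.pack("!QQBBBBII", 0x1122334455667788, 0, 33, 0x20, 34, 0x08, 0, 28)
SAMPLE_CAPTURE = [
    (IKE_PORT, SAMPLE_IKE),
    (NAT_T_PORT, b"\x00\x00\x00\x00" + SAMPLE_IKE),
    (NAT_T_PORT, struct.pack("!II", 0xDEADBEEF, 7) + b"\x00" * 16),
    (NAT_T_PORT, b"\xff"),
]
```

If a capture at the firewall shows IKE on 500 but nothing ever on 4500, the router is not passing NAT-T and the tunnel will stall after the first exchanges.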
 

jenson_button
Oct 26, 2016
Hi bill001g,
Thanks for your feedback. Can I just say, as long as my wireless router can support VPN passthrough, I should be able to redirect VPN traffic to the Juniper firewall sitting behind the wireless router's Ethernet port. VPN transparency = VPN passthrough?
 

jenson_button
Oct 26, 2016
The Juniper FW that I am using on both sides should not be a concern, right? I am using IPsec VPN; the important part is the configuration on the wireless router, which can support VPN passthrough to my Juniper FW, since I have only one public address at each site. Correct me if I am wrong, and I appreciate your feedback.
 