Adtran IPsec VPN Pass-through on TA 600 Owner manual

Configuring Port Forwarding for IPsec VPN Pass-through on

TA 600s Performing NAT

Overview:

The TA 600 can support pass-through of a single VPN tunnel. If more than one tunnel is attempted, no tunnel will work properly.

This guide assumes that NAT is already configured and working properly on the TA

600.

Configuration Steps:

1. Configure the translation table entry for ISAKMP

2. Configure the translation table entry for IPsec NAT-Traversal

3. Configure the translation table entry for ESP (Encapsulated Security Payload)

Configure the translation table entry for ISAKMP

1. Enter the NAT menu by pressing Ctrl+N

2. Arrow down to Translation Table and hit Enter

3. Press the right arrow key and then hit Enter with the index number highlighted. If you already have an entry in the Translation Table, press the letter i to add a blank entry, and then hit Enter.

4. If the IP address you will be bringing the tunnel up to is the same IP address that is on your WAN interface, leave Public Address Mode set to NAPT Addr. If the public address you are bringing the tunnel up to is different from the IP on your

WAN interface, change the Public Address Mode to Specified and then set the IP address.

-- or --

5. Next, set the Protocol Mode to TCP or UDP

6. Then set the Public Port Mode to Specified

7. Then set Public Port Start and Public Port End to 500. Public Port End should be filled in automatically when you enter Public Port Start.

8. Set Private Address Mode to Specified.

9. Set Private Address to the address that you want the VPN traffic to be forwarded to. In this example, we are using 192.168.1.253.

10. Set Private Port Mode to Specified. Private Port should automatically populate with 500 when Private Port Mode is set to Specified. However, if this does not happen, set Private Port to 500.

11. Press the letter h to get back to the main menu so that the config will be saved

Configure the translation table entry for IPsec NAT-Traversal

1. Enter the NAT menu by pressing Ctrl+N

2. Arrow down to Translation Table and hit Enter

3. Press the right arrow key and then press highlight the index number of the entry you just created for PPTP. Then press the letter c to copy the values from that translation table entry.

4. Next, press the letter i to add a blank translation table entry. With the index number of the blank entry highlighted (which should happen automatically), press the letter p to past the contents you just copied from the other entry. This will allow the translation table entry for GRE to be created more easily. After pressing the letter p, hit Enter to display the translation table entry.

5. Next, change the Public Port End to 4500. Then change the Public Port Start to

4500. Note that the Public Port End must be changed before the Public Port

Start.

6. Change the Private Port to 4500

7. Press the letter h to get back to the main menu so that the config will be saved.

Configure the translation table entry for ESP (Encapsulated Security Payload)

1. Enter the NAT menu by pressing Ctrl+N

2. Arrow down to Translation Table and hit Enter

3. Press the right arrow key and then press highlight the index number of the entry you created for ISAKMP. Then press the letter c to copy the values from that translation table entry.

4. Next, press the letter i to add a blank translation table entry. With the index number of the blank entry highlighted (which should happen automatically), press the letter p to past the contents you just copied from the other entry. This will allow the translation table entry for GRE to be created more easily. After pressing the letter p, hit Enter to display the translation table entry.

5. Next, change the Protocol Mode to Specified

6. Set the Protocol to 50

Press the letter h to get back to the main menu so that the config will be saved.