VPN behind NAT
Hi
I have a remote location I want to connect to using a VPN.
The problem is my local 3G/4G internet connection.
The ISP I have for this internet connection gives my 3G router a private IP address, not the public IP. That public IP is somewhere in a router of my ISP, so I'm not able to make, or ask for, any kind of configuration at that router.
At this remote location I have a TP-Link for the 3G/4G connection and a Ubiquiti ER-X router.
Is it still possible to make a site-to-site VPN with my WG T40?
Comments
Hi @AntónioHenriques
If the ISP is able to forward all traffic from the public IP to your private IP, then it may be possible with Dynamic DNS. If both sides are getting nothing forwarded, you'd need to have both sites connect to a third site that has a public IP in order to accomplish this.
-James Carson
WatchGuard Customer Support
I have dyndns configured.
But what I cannot do is get my ISP to make any changes to that internet connection.
If both connections are private IPs and neither forwards the IPSec ports to the firewalls, you won't be able to do a dynamic tunnel. One of them has to be able to initiate the connection.
If you have any other site with a public IP, you can use that to connect the two together and bridge the routes using tunnel switching.
-James Carson
WatchGuard Customer Support
One of my sites has a public address, the site where I have the WatchGuard.
Hi @AntónioHenriques
If you set the VPN up to go to the site with the public address, the other firewalls behind NAT can initiate the connection to do it.
If you need to get between two firewalls that are behind NAT, you can try using tunnel switching to do this:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/manual_bovpn_tunnel_switching_summary_wsm.html
-James Carson
WatchGuard Customer Support
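The reasoning in the replies above, worked as an added example (not part of the original thread and not WatchGuard code): given each site's WAN address, it works out which side must initiate and which pairs need a hub with tunnel switching. The site names and addresses are constructed, and the private and carrier-grade NAT ranges are used as a stand-in for "behind the ISP's NAT".

```python
import ipaddress
from itertools import combinations

# WAN addresses in these ranges sit behind someone else's NAT.
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
)]

def behind_nat(wan_ip, ports_forwarded=False):
    """True if the site cannot accept an inbound VPN connection.

    ports_forwarded models the case where the upstream router forwards
    the IPSec ports (or all traffic) to the firewall.
    """
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NAT_RANGES) and not ports_forwarded

def plan_tunnels(sites):
    """sites: {name: (wan_ip, ports_forwarded)} -> {(a, b): plan}"""
    reachable = [n for n, (ip, fwd) in sites.items() if not behind_nat(ip, fwd)]
    plans = {}
    for a, b in combinations(sorted(sites), 2):
        a_ok, b_ok = a in reachable, b in reachable
        if a_ok and b_ok:
            plans[(a, b)] = "direct: either side can initiate"
        elif a_ok or b_ok:
            responder, initiator = (a, b) if a_ok else (b, a)
            plans[(a, b)] = f"direct: {initiator} initiates to {responder}"
        else:
            # Both ends are behind NAT: route through a reachable third site.
            hubs = [h for h in reachable if h not in (a, b)]
            plans[(a, b)] = (f"via hub {hubs[0]} (tunnel switching)" if hubs
                             else "not possible: no site can accept the connection")
    return plans

# Constructed sample: one site with a public address, two behind ISP NAT.
SAMPLE_SITES = {
    "hq-t40": ("203.0.113.10", False),
    "remote-erx": ("10.64.12.7", False),
    "branch-3g": ("100.72.5.9", False),
}

if __name__ == "__main__":
    for pair, plan in plan_tunnels(SAMPLE_SITES).items():
        print(pair, "->", plan)
```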
Thanks James for your help. I'll try doing that.