Options

VPN behind NAT

Hi

I have a remote location I want to connect to using a VPN
The problem is my local 3G/4G internet connection
The ISP I have for this internet connection gives my 3G router a private IP address, not the public IP. That public IP is somewhere in a router of my ISP, so I'm not able to make, or ask for, any kind of configuration at that router.
At this remote location I have a TPlink for 3G/4G connection and a Ubiquiti ER-X router

Is it still possible to make a site-to-site VPN with my WG T40?

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AntónioHenriques
    If the ISP is able to forward all traffic from the public IP to your private IP, then it may be possible with Dynamic DNS. If both sides are getting nothing forwarded, you'd need to have both sites connect to a third site that has a public IP in order to accomplish this.

    -James Carson
    WatchGuard Customer Support

  • Options

    I have dyndns configured
    But what I can not do is getting my ISP to make any changes to that internet connection.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    If both connections are private IPs and neither forward the IPSec ports to the firewalls, you won't be able to do a dynamic tunnel. One of them has to be able to initiate the connection.

    If you have any other site with a public IP, you can use that to connect the two together and bridge the routes using tunnel switching.

    -James Carson
    WatchGuard Customer Support

  • Options

    One of my sites has a public address, the site where I have the watchguard

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AntónioHenriques
    If you set the VPN up to go to the site with the public address, the other firewalls behind NAT can initiate the connection to do it.

    If you need to get between two firewalls that are behind NAT, you can try using tunnel switching to do this:

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/manual_bovpn_tunnel_switching_summary_wsm.html

    -James Carson
    WatchGuard Customer Support

  • Options

    Thank's James for your help. I'll try doing that

Sign In to comment.