Hi all,
Our company uses Astaro gateways (hardware) at both sites, and we want to connect 2 sites using VPN. Before pushing them into production, we built a lab to test the VPN function of the Astaro gateway. The result is that the site-to-site VPN connection fails whenever there is a NAT device in between, whether we use SSL or IPsec VPN (though the Astaro gateway supports NAT-Traversal by default). It means that if the Astaro VPN gateway is behind a NAT device (like a NAT modem), then VPN fails; if we remove all NAT devices in between, then VPN works.
The problem is that our branch office uses a NAT modem to connect to the Internet via FTTH (fiber to the home). With FTTH, we cannot connect the Astaro VPN gateway directly to the Internet without going through a modem to avoid the problem with NAT. So the branch office is behind NAT (while the head office is not), and VPN fails.
Branch's LAN ---> Astaro gateway 1 ---> FTTH modem (NAT) ---> Internet <--- Astaro gateway 2 <--- Head Office's LAN
Has anyone here met the same problem? Can you suggest a solution for this VPN problem behind NAT? Or do we have to remove the NAT device in between to enable site-to-site VPN?
Btw, do you think we can connect the Astaro gateway directly to the Internet using FTTH, or do we have to change to a leased line or another type of WAN connection to make this possible? Can we configure the FTTH modem (we use TP-Link) in bridge mode to avoid NAT?
I really need help.
Look forward to hearing from you all.
Thanks a lot.
Minh