Bidirectional NAT For NMS


On the Router

  1. Go to VPN.
  2. Select IPsec.
  3. Select the green “Add P1” button on the bottom left.
  4. Configure the following settings for the tunnel's Phase 1:
    • Key Exchange version: IKEv1
    • Internet Protocol: IPv4
    • Interface: WAN-VIP
    • Remote Gateway: IP of NMS firewall
    • Description: AIS NMS
    • Authentication Method: Mutual PSK
    • Negotiation Mode: Main
    • My identifier: IP Address, set to the VIP address
    • Peer identifier: Peer IP Address
    • Pre-Shared Key: Create a new Pre-Shared Key
    • Encryption Algorithm: AES, Hash: SHA256, DH Group: 2 (1024 bit)
    • Lifetime: 28800
    • NAT Traversal: Auto
    • Dead Peer Detection: Enable DPD checked
    • Delay: 10
    • Max failures: 50
  5. Configure the following settings for the tunnel's Phase 2:
    • Mode: Tunnel IPv4
    • Local Network: Network / Local Subnet
    • NAT/BINAT translation: Network / Subnet to be used on NMS
    • Remote Network: NMS Network
    • Protocol: ESP
    • Encryption Algorithms: AES
    • Hash Algorithms: SHA256
    • PFS key group: off
    • Lifetime: 86400
    • Automatically ping host: NMS Internal IP

On the NMS Firewall

  1. Go to VPN.
  2. Select IPsec.
  3. Select the green “Add P1” button on the bottom left.
  4. Configure the following settings for the tunnel's Phase 1:
    • Key Exchange version: IKEv1
    • Internet Protocol: IPv4
    • Interface: WAN
    • Remote Gateway: IP of client VIP
    • Description: Client Name
    • Authentication Method: Mutual PSK
    • Negotiation Mode: Main
    • My identifier: IP Address of NMS firewall
    • Peer identifier: Peer IP Address
    • Pre-Shared Key: Pre-Shared Key created on client firewall
    • Encryption Algorithm: AES, Hash: SHA256, DH Group: 2 (1024 bit)
    • Lifetime: 28800
    • NAT Traversal: Auto
    • Dead Peer Detection: Enable DPD checked
    • Delay: 10
    • Max failures: 50
  5. Configure the following settings for the tunnel's Phase 2:
    • Mode: Tunnel IPv4
    • Local Network: LAN Subnet
    • NAT/BINAT translation: None
    • Remote Network: Binat network
    • Protocol: ESP
    • Encryption Algorithms: AES
    • Hash Algorithms: SHA256
    • PFS key group: off
    • Lifetime: 86400
    • Automatically ping host: Blank
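
A consistency check for the two configurations above, as an added example that is not part of the original page: it compares the Phase 1 and Phase 2 values entered on each side, confirms the NMS firewall's Remote Network is the router's BINAT network, and shows which address the NMS sees for a client host. The subnets, the PSK string and the dictionary keys are constructed placeholders, and the mapping assumes the local and BINAT subnets are the same size so each host keeps its offset.

```python
import ipaddress

def binat_map(local_net, binat_net, host):
    """Translate a host in local_net to its 1:1 address in binat_net."""
    local = ipaddress.ip_network(local_net)
    binat = ipaddress.ip_network(binat_net)
    if local.prefixlen != binat.prefixlen:
        raise ValueError("BINAT needs equal prefix lengths for a 1:1 mapping")
    addr = ipaddress.ip_address(host)
    if addr not in local:
        raise ValueError(f"{addr} is not in {local}")
    offset = int(addr) - int(local.network_address)
    return str(binat.network_address + offset)

def check_tunnel(router, nms):
    """Return a list of mismatches between the two sides' Phase 1/2 settings."""
    problems = []
    # Phase 1 and Phase 2 proposals must be identical on both peers.
    for key in ("ike", "p1_enc", "p1_hash", "dh_group", "p1_life", "psk",
                "p2_enc", "p2_hash", "pfs", "p2_life"):
        if router[key] != nms[key]:
            problems.append(f"{key}: {router[key]!r} != {nms[key]!r}")
    binat = ipaddress.ip_network(router["binat"])
    nms_lan = ipaddress.ip_network(nms["local"])
    # The NMS side never sees the client's real LAN, only the BINAT network.
    if ipaddress.ip_network(nms["remote"]) != binat:
        problems.append("NMS remote network is not the router's BINAT network")
    if ipaddress.ip_network(router["remote"]) != nms_lan:
        problems.append("router remote network is not the NMS local network")
    if ipaddress.ip_network(router["local"]).prefixlen != binat.prefixlen:
        problems.append("local and BINAT prefix lengths differ")
    if binat.overlaps(nms_lan):
        problems.append("BINAT network overlaps the NMS network")
    return problems

# Constructed sample values: subnets and PSK are placeholders, the rest follows the lists above.
COMMON = dict(ike="IKEv1", p1_enc="AES", p1_hash="SHA256", dh_group=2, p1_life=28800,
              psk="example-psk", p2_enc="AES", p2_hash="SHA256", pfs="off", p2_life=86400)
ROUTER = dict(COMMON, local="192.168.1.0/24", binat="10.50.7.0/24", remote="10.0.0.0/24")
NMS = dict(COMMON, local="10.0.0.0/24", remote="10.50.7.0/24")

if __name__ == "__main__":
    print(check_tunnel(ROUTER, NMS))
    print(binat_map(ROUTER["local"], ROUTER["binat"], "192.168.1.20"))
```
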
Last modified June 14, 2021