|reply to Network Guy |
Re: Cisco VPN server via double NAT
There is nothing wrong in dedicating a VPN Concentrator separate from the edge or Internet router. There is, however, a concern with having consumer-grade gear such as Netgear in the mix, since consumer-grade gear can usually introduce funky stuff without a way to monitor/remove/remediate/adjust.
If your network is small enough, having a single 1841 router be both Internet router and VPN Concentrator should be no problem. Simply monitor the CPU and memory consumption in addition to monitoring behavior. You can always scale up by adding another Cisco 1841 when needed.
Yeah.. I think the Netgear is getting pulled out of the mix. I need to force myself to use CLI more often to manage my home router as it is.
Yeah, I used that example to tinker with this. It basically denies NAT'ing for "interesting" traffic.. or what I was needing between 10.17.12.200/29 and 10.18.12.24/29.. but it was still double NAT at best between the cell phone and the Netgear router.
I'm hoping you're right and it was just the Netgear router.
Never worked with Netgear products, but I'm guessing there should be some options where you can turn off NAT for interesting traffic. The cellphone feature is, however, limited, depending on your cellphone make, model, operating system, and the apps you are using. I believe cellphone companies always implement NAT and unless you have bargaining power, there is nothing you can do or say to the cellphone company to turn NAT off. What you can do is use a Wifi network sitting outside the router and have the laptop use the Wifi network to establish the IPSec VPN.
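
The NAT exemption mentioned in this thread (deny NAT'ing for the "interesting" traffic, translate everything else) depends on the order of the ACL lines. The Python sketch below is an added example, not code from any poster: it parses a constructed IOS-style ACL and applies first-match evaluation to show which flows would be translated. It assumes 10.17.12.200/29 is the inside LAN and 10.18.12.24/29 is the VPN side; the test addresses are constructed.

```python
import ipaddress

# Constructed IOS-style ACL for the NAT rule; the two /29 subnets are the ones
# named in the thread. Assumption: 10.17.12.200/29 is the inside LAN.
NAT_ACL = """\
deny   ip 10.17.12.200 0.0.0.7 10.18.12.24 0.0.0.7
permit ip 10.17.12.200 0.0.0.7 any
"""

def parse_acl(text):
    """Parse 'action ip src wildcard (dst wildcard | any)' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, rest, nets = tok[0], tok[2:], []
        while rest:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            else:
                # ipaddress accepts a host mask (Cisco wildcard) after the slash
                nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
                rest = rest[2:]
        entries.append((action, nets[0], nets[1]))
    return entries

def is_translated(acl, src, dst):
    """First match wins: permit means NAT the packet, deny means leave it alone."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def swap_order(text):
    """Same ACL with the lines reversed, to show the ordering mistake."""
    return "\n".join(reversed(text.splitlines()))

if __name__ == "__main__":
    good, bad = parse_acl(NAT_ACL), parse_acl(swap_order(NAT_ACL))
    for dst in ("10.18.12.25", "198.51.100.10"):
        print(dst, "correct order:", is_translated(good, "10.17.12.201", dst),
              "| reversed:", is_translated(bad, "10.17.12.201", dst))
```

With the lines reversed, the broad permit matches first and the tunnel-bound traffic is translated before IPsec sees it, so it no longer matches the interesting-traffic definition.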