Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dick_Summers
Contributor

VPN to 730 appliance behind Google Fiber static IP

My client has Google Fiber with one static IP address.  The Google Fiber modem public IP NATs to a 10.0.0.0 address, to which the 730 WAN port is connected.  I have been unable to get a VPN connection through this configuration to the 730, the VPN client shows the site is not responding.

Any ideas or experience with this setup?

0 Kudos
2 Replies
G_W_Albrecht
Legend Legend
Legend

Question is: Who is the VPN peer ? Usually, this is a valid configuration and VPN should work as expected. Some limitations can be found in sk121758: R77.20.75 for Small and Medium Business Appliances:

The external IP address of the gateway is also part of its local VPN encryption domain by default. This may cause conflicts with IP addresses of peers when the gateway is behind NAT or uses a dynamic Internet Connection IP address.

  • To exclude the external IP of the gateway from the encryption domain, use this Аdvanced setting: "VPN Site to Site global settings - Do not encrypt connections originating from the local gateway".
  • For the Permanent VPN Tunnels feature to work properly in this mode, use the Аdvanced setting: "VPN Site to Site global settings - Perform Tunnel Tests using an internal IP address".
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Pedro_Espindola
Advisor

I have a similar setup. I used the DMZ option in the ISP router to send all incoming traffic to the WAN interface of the gateway. Both site-to-site and remote access VPN work well.

I had issues with VPN from mobile devices. The solution was to set the client to use SSL instead of IPSec, but if I remember correctly the site responded and connection was successful, but traffic to the encryption domain failed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events