VPN NAT Traversal when both USG are behind CGNAT with unpredictable source port
I'm not sure this will happen due to how it can only be done where by both ends are behind CGNAT with no incoming allowed and unpredictable source port mapping but here is one hell of a way to do it! Not 100% sure it would work.
Here how port 500 Traversal would go then the same for 4500
Comments
-
So after going through how it work it don't then relooked to how might of worked but it ended up being impossible so one end source port must be true on one side
0 -
So this is the best that can be done where both end are CGNAT no incoming allowed and one side has source port that are true.
0 -
Hello,
Actually we've got an Ipsec tunnel using 2 USG Flex behind fiber.
We would like to use a starlink (Router bepassed) in case of fail of fiber.
Actually Starlink is only used for internet surfing (and working well)
I show your explanation but don't understand how to configure it.
Thank's for your help.
Lilian.
0 -
Hello,
Actually we've got an Ipsec tunnel using 2 USG Flex behind fiber on each side.
We would like to use a starlink (actually bypass mode) in case of fail of fiber on one side.
How to handle starlink CGNAT ?
Thank's for your help.
Lilian.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight