Connections via Firewall with Dynamic NAT

This connection type is universal and can be used in almost any case. Its main purpose is to provide a secure, two-way link with nodes that work through NAT devices on which static address translation rules are difficult or impossible to set (including when the user lacks the rights to set them).

If you have several clients working through a NAT device, setting up a coordinator with one or more network adapters can help concentrate encrypted traffic. The following settings need to be applied to the coordinator first:

After the installation of all clients (assuming they were registered on this coordinator in ViPNet Manager), you will find their Firewall type automatically set to (this) ViPNet coordinator. This ensures all client IP packets are forwarded to the NAT device through the coordinator with the coordinator's network adapter IP address.

If clients in the local network cannot work through a ViPNet coordinator, you should set the Firewall type to With dynamic NAT. The firewall or NAT device must be set as the default gateway in the operating system of the workstations where clients are installed.

If you work with a DSL modem and long packets can't be transmitted, you can decrease the MTU (Maximum Transmission Unit) value in the Advanced Settings window.

To ensure settings are made correctly, we recommend you read about using a connection via a firewall with dynamic address translation.

To configure a client's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:

  1. Ensure there is a tick in the Use Firewall check box.
  2. Select With dynamic NAT from the Firewall type drop-down box.
  3. From the IP addresses server drop-down list box, select the client's coordinator for incoming traffic. This coordinator can be accessible either directly or through a firewall with static address translation.
  4. To keep the dynamic rule alive, the client periodically sends UDP packets to its coordinator for incoming traffic (the IP addresses server). By default, the sending period is 25 seconds. If necessary, change this value. Note: The poll period must not be much more than the session timeout for the dynamic rule on the NAT device.
  5. If you want all incoming and outgoing traffic to be routed through the coordinator for incoming traffic, tick the Direct all traffic with external hosts through IP addresses server check box. Note: Due to increased traffic, the speed of data exchange can slow down. Because of this, you should only enable this function in certain cases.
  6. Click Apply to save your settings.

To configure a coordinator's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:

  1. Ensure there is a tick in the Use Firewall check box.
  2. Select With dynamic NAT from the Firewall type drop-down box.
  3. From the ViPNet coordinator for incoming traffic drop-down list box, select the coordinator that will always be accessible.
  4. From the Network interface connected to Firewall drop-down list box, select the network adapter located on the same side as the NAT device, through which the coordinator works.

  5. If necessary, in the ViPNet coordinator poll period for providing traversal of incoming traffic through Firewall (seconds) text box, change how often the coordinator polls to keep incoming traffic passing through the firewall. Note: The default value, 25 seconds, is sufficient for most NAT devices with dynamic rules.
  6. If you want all incoming and outgoing traffic to be routed through the coordinator, tick the Direct all traffic with external hosts through ViPNet coordinator check box. Note: Due to increased traffic, the speed of data exchange can slow down. Because of this, you should only enable this function in certain cases.
  7. Click Apply to save your settings.
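
The poll period described in step 4 of the client procedure and step 5 of the coordinator procedure, modelled as an added example (not Infotecs code). It assumes a NAT device that deletes the dynamic rule after a fixed idle timeout, goes beyond the text by also modelling a lost keepalive, and uses illustrative function names and a constructed 30-second timeout.

```python
# Added illustration: a simplified model of a dynamic NAT rule, not ViPNet code.
# Assumption: the NAT device deletes the rule after nat_timeout idle seconds and
# only an outbound keepalive from the node refreshes or re-creates it.

def closed_windows(poll_period, nat_timeout, duration, lost=()):
    """Return (start, end) intervals in which the dynamic rule does not exist.

    poll_period: seconds between keepalive UDP packets (25 by default).
    nat_timeout: idle timeout of the dynamic rule on the NAT device.
    lost: sequence numbers of keepalives dropped before the NAT device.
    """
    windows = []
    last_refresh = 0  # keepalive 0 creates the rule at t=0
    for n in range(1, duration // poll_period + 1):
        if n in lost:
            continue
        t = n * poll_period
        expiry = last_refresh + nat_timeout
        if t > expiry:  # rule expired; this keepalive re-creates it
            windows.append((expiry, t))
        last_refresh = t
    if last_refresh + nat_timeout < duration:
        windows.append((last_refresh + nat_timeout, duration))
    return windows


def unreachable_seconds(poll_period, nat_timeout, duration, lost=()):
    """Total seconds during which inbound traffic cannot traverse the NAT."""
    return sum(end - start for start, end in
               closed_windows(poll_period, nat_timeout, duration, lost))


def dropped_inbound(arrivals, windows):
    """Inbound packet arrival times that fall inside a closed window."""
    return [t for t in arrivals if any(s <= t < e for s, e in windows)]


if __name__ == "__main__":
    NAT_TIMEOUT = 30  # constructed value; read the real one from the NAT device
    for period, lost in [(25, ()), (25, (4,)), (10, (4,)), (40, ())]:
        gap = unreachable_seconds(period, NAT_TIMEOUT, 600, lost)
        print(f"period={period:>2}s lost={lost!s:<5} unreachable={gap}s of 600s")
```

In this model, a 25-second period against a 30-second timeout keeps the rule open until one keepalive is lost, which leaves the node unreachable for 20 seconds; a period below half the timeout tolerates a single loss.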


© 2007 Infotecs