Coordinator Connection via Firewall with Static NAT

This connection option is suitable if you need to protect the IP traffic of nodes in the local network, and there is a firewall or NAT device on the border of the local network that allows you to set static rules of address translation. In this case, we recommend that you install ViPNet Coordinator and set the parameters of connection via the firewall on one of the network interfaces of this coordinator. After that, you should set all ViPNet clients on your local network to work through this coordinator.

To configure a coordinator's connection via a firewall (NAT) where static rules of address translation are possible:

  1. Select the coordinator node and click the Firewall tab.
  2. Ensure there is a tick in the Use firewall check box.
  3. Select With static address translation from the Firewall type drop-down box.

  4. Select the IP address of the network interface that connects to the firewall from the IP address of network interface connected to the firewall drop-down list box. If you cannot specify the exact IP address and want to do it manually on the coordinator node itself, select Chosen on the network node.

    Note: To display a list of IP addresses, you should have previously specified them via the IP addresses tab.

  5. If you know the IP addresses of the external interface of the firewall (and they are not changed dynamically):
    1. Click the Add button in the External firewall IP addresses section of the screen.

      The IP address window appears.

    2. Type an IP address and click OK. Note: IP addresses must be unique. If an IP address already exists, the program will warn you. If you add an address from the private range of addresses, the program will warn you.

      IP packets from external nodes, intended for this coordinator, will be sent to these addresses.

  6. To fix an external IP address for accessing this coordinator through the firewall, select the Fix an external IP address check box and select the IP address from the drop-down list. Note: The first address from the list of external addresses is displayed automatically.

    If an IP address is not specified, the IP address is registered by the external parameters of the IP packet. If an IP address is specified, external network nodes will send packets for this coordinator to the specified address, regardless of the address substituted in the external parameters of the packet.

    We recommend you select this option only if the firewall has several external addresses and you need to route incoming packets through a specific address, regardless of the firewall address from which a packet left.

  7. If necessary, change the port number in the UDP access port text box. By default, it is 55777. This port number is specified on the firewall to give external nodes access to this coordinator. Changing the default value is required if several ViPNet nodes will work directly through one firewall or NAT device (i.e., a connection through a firewall with static address translation will be set on each node). In this case, port numbers for these nodes must be different.
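
The rules in steps 5 and 7 can be checked against an address plan before any values are entered. The script below is an added example, not part of ViPNet or its documentation; the plan layout and the node, firewall and address values are hypothetical, and "private range" is assumed to mean the RFC 1918 blocks.

```python
import ipaddress
from collections import defaultdict

DEFAULT_UDP_PORT = 55777  # default UDP access port given on this page
# Assumption: "private range" on this page means the RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: one entry per node that will be set to
# "With static address translation". All names and addresses are made up.
SAMPLE_PLAN = [
    {"node": "coordinator-a", "firewall": "fw-1",
     "external_ips": ["198.51.100.10"], "udp_port": 55777},
    {"node": "coordinator-b", "firewall": "fw-1",
     "external_ips": ["198.51.100.10"], "udp_port": 55777},
    {"node": "coordinator-c", "firewall": "fw-2",
     "external_ips": ["192.168.1.1", "192.168.1.1"], "udp_port": 55778},
]

def check_plan(plan):
    """Return (severity, message) findings for the address plan."""
    findings = []
    ports_seen = defaultdict(dict)  # firewall -> {udp_port: node}
    for entry in plan:
        node, fw = entry["node"], entry["firewall"]
        port = entry.get("udp_port", DEFAULT_UDP_PORT)
        seen_ips = set()
        for raw in entry["external_ips"]:
            ip = ipaddress.ip_address(raw)  # ValueError if malformed
            if ip in seen_ips:  # step 5: addresses must be unique
                findings.append(("error", f"{node}: duplicate external address {ip}"))
                continue
            seen_ips.add(ip)
            if any(ip in net for net in RFC1918):  # step 5: private-range warning
                findings.append(("warning", f"{node}: {ip} is a private address"))
        if not 1 <= port <= 65535:
            findings.append(("error", f"{node}: invalid UDP port {port}"))
        elif port in ports_seen[fw]:  # step 7: distinct port per node behind one firewall
            findings.append(("error", f"{node}: UDP port {port} on {fw} "
                                      f"is already used by {ports_seen[fw][port]}"))
        else:
            ports_seen[fw][port] = node
    return findings

if __name__ == "__main__":
    for severity, message in check_plan(SAMPLE_PLAN):
        print(f"{severity.upper():8}{message}")
```

An empty result means the plan satisfies the uniqueness and port rules; each static rule on the firewall must still forward the chosen UDP port to the matching node.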


© 2007 Infotecs