Client Connection via Firewall with Dynamic NAT

This connection option is suitable if there is no ViPNet Coordinator in the local network or clients cannot use a coordinator as a firewall. It also applies where there is a firewall or NAT device on the border of the local network that won't let you easily set static rules of address translation.

For learn more about this technology, read Coordinator Connection via Firewall with Dynamic NAT.

To configure a client's connection via a firewall (NAT) where static rules of address translation are difficult or impossible:

1. Select the client node and click the Firewall tab.
2. Ensure there is a tick in the Use firewall check box.
3. Select With dynamic address translation from the Firewall type drop-down box.

   

4. If you know the IP addresses of the external interface of the firewall (and they are not changed dynamically):
   1. Click the Add button in the External firewall IP addresses section of the screen.

      The IP address window appears:

      

   2. Type an IP address and click OK. Note: IP addresses must be unique. If an IP address already exists, the program will warn you. If you add an address from the private range of addresses, the program will warn you.

      By using the With dynamic address translation firewall type (see Coordinator Connection via Firewall with Dynamic NAT for a description of that technology), the coordinator of incoming traffic for the client is its IP addresses server.

      If you want the network configuration you are creating to work correctly, the IP addresses server must not work through a firewall with dynamic address translation or another other coordinator.

5. Select the relationship between the client you are setting and the coordinator acting as its IP addresses server from the Positional relationship between network node and coordinator drop-down list box.

   Note: This list box displays if the coordinator acting as the client's IP addresses server (see IP addresses tab) is using a firewall with dynamic address translation or another coordinator.

   If you want the network configuration you are creating to work correctly, you must choose In the same local network (the same routing).

6. Specify how often the coordinator for incoming traffic will pass incoming traffic through the firewall from the Coordinator polling period field. The default is 25 seconds. The poll period mustn't be much more than the session timeout for the dynamic rule on the NAT device. Different NAT devices have different session timeouts, but usually the session timeout is no less than 30 seconds.
7. If you want all connections with other network nodes to be done only through the coordinator for incoming traffic (ie. the technology described in Coordinator Connection via Firewall with Dynamic NAT won't be used), tick the Entire VPN traffic with external nodes to be directed through IP addresses server check box. Note: Due to increased traffic, the speed of data exchange can slow down. Otherwise, you can achieve more stable connections in the ViPNet network.

Back to top

© 2007 Infotecs