Viewing Article
| Mar 22 2013, 11:09 AM |
There are a few causes that will prevent VPN tunnels from establishing across a Sharedband internet service:
Encryption
The VPN tunnel must not use medium level encryption as this level employs 'AH' which does not accomodate NAT.
You must instead use high level encryption as this will use either 'Triple DES' or 'AES' which fully supports NAT.
MTU
Please refer to http://support.sharedband.com/kb/kb8
IPSEC
When failing to establish an IPSEC VPN tunnel due to NAT interference of IKE FQDN endpoint identification, the IKEv2 protocol can be used as a workaround. When compared to traditional IKE, IKEv2 avoids the use of a public IP subnet, allows for better NAT traversal and accepts more endpoint identification methods. IKEv2 is now available on most modern corporate firewall solutions.
Encryption
The VPN tunnel must not use medium level encryption as this level employs 'AH' which does not accomodate NAT.
You must instead use high level encryption as this will use either 'Triple DES' or 'AES' which fully supports NAT.
MTU
Please refer to http://support.sharedband.com/kb/kb8
IPSEC
When failing to establish an IPSEC VPN tunnel due to NAT interference of IKE FQDN endpoint identification, the IKEv2 protocol can be used as a workaround. When compared to traditional IKE, IKEv2 avoids the use of a public IP subnet, allows for better NAT traversal and accepts more endpoint identification methods. IKEv2 is now available on most modern corporate firewall solutions.