Can I use a Juniper SSG 5 in an ASUS RT-N66U DMZ to set up an IPSEC tunnel?

[jktucker58]

I have the ASUS connected to my Comcast modem and want my home Macs, iPads, etc. to use the normal internal network. I also need to connect a Windows machine via an IPSEC tunnel back to my company's SonicWall firewall. I am wondering if I can put a Juniper SSG-5 in the DMZ and put the Windows system behind it and have the IPSEC work correctly. I don't know how or if it could work with the NATs involved. Thanks in advance.

 

[bill001g]

It depends on how you run the vpn. Most support what is called NATT ipsec to pass though nat. Most routers also have what is called VPN passthough that allows the GRE and IPSEC protocols to get though a NAT connection.

In general it should just work but if the company network is set too strict it may not work...there is little you can do if they do not allow the features that allow IPSEC to work via NAT.

 

[jktucker58]

Well I work with the guys that manage the SonicWall so that should help. I decided to flip things and put the Juniper first after the Comcast router with the ASUS behind it. I figure this would take out one complication. But this new Comcast router is also doing NAT. I tried it in bridge mode and lost all connectivity. Comcast did not want to give out an IP to any device I tried.