User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
9-6 Troubleshooting
202-10015-01
Network Address Translation (NAT)
Network Address Translation (NAT) devices are widely deployed to enable local area networks
(LANs) to use a single set of external IP addresses for an entire network.
Remote users commonly encounter NAT devices in home networks, broadband modems (cable
and DSL), and hotels. Although an IPSec VPN connection can coexist with NAT devices,
IPSec-NAT incompatibilities may occur. To prevent these incompatibilities, the client employs the
latest of the emerging standards for NAT-Traversal (NAT-T).
When connecting to a peer (remote) device that implements the same NAT-T standard (there are
several), the client automatically detects the presence of the NAT device; you don't have to
configure anything. Then, the client and the peer device encapsulate the IPSec packets inside UDP
packets; this allows the VPN connection to traverse the NAT device without requiring any changes
in the NAT device.
When the client connects to a peer device and detects a NAT device, Log Viewer messages
indicate this detection. Here is a sample of these logged messages: