Aaron Gould
2018-07-19 14:35:44 UTC
(please forgive cross-posting between jnsp and nanog.looking for anyone who
could help shed light)
I moved customers behind MS-MPC-128G (MX960) CGNat boundary a few nights
ago. for the most part it went well. with these couple issues. please let me
know what you know about this and how to fix. I don't know if it's fixed on
the endpoints, or in the cgnat config or what.
1 - IPSEC VPN
- Customer said the vpn connect light on cisco vpn router blinks (not
connected to vpn)
- I found out the vpn addresses that this cisco vpn router is trying
to connect to.
- I did a fix in cgnat rule stanza where all UDP 500 and 4500 traffic
to that distant vpn endpoint(s) will always be natted to one and only one ip
address (I did this thinking that the changing ip of the public pool
assigned ip addresses for udp 500 and 4500 was possible breaking it)
2 - PS4 gaming
- Customer said playing a few games (call of duty, etc) with Internet
players now doesn't work.
- They said the PS4 nat type is nat type 3 (strict) whereas before
the moved them to cgnat, it was NAT type 2 moderate and worked.
-Aaron
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
could help shed light)
I moved customers behind MS-MPC-128G (MX960) CGNat boundary a few nights
ago. for the most part it went well. with these couple issues. please let me
know what you know about this and how to fix. I don't know if it's fixed on
the endpoints, or in the cgnat config or what.
1 - IPSEC VPN
- Customer said the vpn connect light on cisco vpn router blinks (not
connected to vpn)
- I found out the vpn addresses that this cisco vpn router is trying
to connect to.
- I did a fix in cgnat rule stanza where all UDP 500 and 4500 traffic
to that distant vpn endpoint(s) will always be natted to one and only one ip
address (I did this thinking that the changing ip of the public pool
assigned ip addresses for udp 500 and 4500 was possible breaking it)
2 - PS4 gaming
- Customer said playing a few games (call of duty, etc) with Internet
players now doesn't work.
- They said the PS4 nat type is nat type 3 (strict) whereas before
the moved them to cgnat, it was NAT type 2 moderate and worked.
-Aaron
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp