issues through CGNat (juniper ms-mpc-128g in mx960)

Matt Erculiani merculiani at gmail.com
Thu Jul 19 14:44:06 UTC 2018


One of the biggest deal-breakers about the Multiservices DPC and MPC is
that it does not support NAT Traversal (UDP hole punching), which is
probably the reason you're having trouble with the PS4 online gaming. It
also messes with VoIP too.

As for the IPsec issue, I'm not sure if that would be related to NAT-T, but
you'd probably need logs. Might just be easier to give anyone using an
IPsec tunnel a public IP.

-M

On Thu, Jul 19, 2018, 09:35 Aaron Gould <aaron1 at gvtc.com> wrote:

> (please forgive cross-posting between jnsp and nanog. looking for anyone who
> could help shed light)
>
>
>
> I moved customers behind MS-MPC-128G (MX960) CGNat boundary a few nights
> ago. for the most part it went well. with these couple issues. please let me
> know what you know about this and how to fix. I don't know if it's fixed on
> the endpoints, or in the cgnat config or what.
>
>
>
> 1 - IPSEC VPN
>
> - Customer said the vpn connect light on cisco vpn router blinks (not
> connected to vpn)
>
> - I found out the vpn addresses that this cisco vpn router is trying to
> connect to.
>
> - I did a fix in cgnat rule stanza where all UDP 500 and 4500 traffic to
> that distant vpn endpoint(s) will always be natted to one and only one ip
> address (I did this thinking that the changing ip of the public pool
> assigned ip addresses for udp 500 and 4500 was possibly breaking it)
>
>
>
> 2 - PS4 gaming
>
> - Customer said playing a few games (call of duty, etc) with Internet
> players now doesn't work.
>
> - They said the PS4 nat type is nat type 3 (strict) whereas before the
> moved them to cgnat, it was NAT type 2 moderate and worked.
>
>
>
>
>
> -Aaron
>
>
>
>


