How to tunnel two hubs when both are behind NAT

Article ID: 209212

Products

CA Unified Infrastructure Management On-Premise (Nimsoft / UIM); CA Unified Infrastructure Management SaaS (Nimsoft / UIM); DX Infrastructure Management

Issue/Introduction

I have a tunnel server behind NAT and I need to set up a new tunnel client that is also behind NAT.  How can I get them to communicate successfully?

Resolution

[for a new installation]

1. On the tunnel server hub, create a new client certificate. For the "common name", instead of the wildcard (*), use the actual public IP address that the connection will come from on the client side (the NAT IP).
2. Copy this certificate to a text file and place it in a location on the client machine, e.g. /tmp/cert.txt
3. On the client, run the nimldr installer and choose to install Infrastructure (hub).
4. At the end of the install, you may be asked to initialize security. Say yes. When prompted for a password, enter the same password as the existing UIM Administrator password.
5. If you are not prompted to initialize security, don't worry about it; just proceed to the next step.
6. At the end of the install you will also be prompted to install a tunnel. Choose to do so.
7. Choose "tunnel client" and then give the path to the certificate (/tmp/cert.txt) when prompted.
8. The installation will complete.
9. Edit /nimsoft/hub/hub.cfg and locate the <tunnel> ... <client> entry which was created for the tunnel client.
10. Change "check_cn=yes" to "check_cn=no" and save the file.
11. Restart the UIM service on the hub. The tunnel should now connect.
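
Steps 9 and 10 can be scripted so that only the tunnel client entry is changed and a backup of the original file is kept. The following is an added example, not part of the original article or the vendor's tooling; the function names are hypothetical, the sample configuration is constructed, and the script assumes hub.cfg uses `<name>` ... `</name>` sections with `key = value` lines and the section names as the article writes them.

```shell
#!/bin/sh
# Added example, not vendor tooling. Assumes hub.cfg uses <name> ... </name>
# sections holding "key = value" lines, with the section names the article gives.

# Print CFG with check_cn set to VALUE, only inside <tunnel> ... <client>.
set_tunnel_check_cn() {  # usage: set_tunnel_check_cn CFG VALUE
    awk -v val="$2" '
        /^[ \t]*<tunnel>/            { t = 1 }
        /^[ \t]*<\/tunnel>/          { t = 0; c = 0 }
        t && /^[ \t]*<client>/       { c = 1 }
        /^[ \t]*<\/client>/          { c = 0 }
        t && c && /^[ \t]*check_cn[ \t]*=/ { sub(/=.*/, "= " val) }
        { print }
    ' "$1"
}

# Apply the change in place, keeping the original as CFG.bak for review/rollback.
apply_check_cn() {  # usage: apply_check_cn CFG VALUE
    cp -p "$1" "$1.bak" && set_tunnel_check_cn "$1.bak" "$2" > "$1"
}

# Constructed sample, not a real hub.cfg; 203.0.113.10 is a documentation address.
sample_cfg() {
    cat <<'EOF'
<example_other>
   check_cn = yes
</example_other>
<tunnel>
   <client>
      server = 203.0.113.10
      check_cn = yes
   </client>
</tunnel>
EOF
}

# Demo on a scratch copy: only the entry under <tunnel><client> changes.
demo_cfg=$(mktemp)
sample_cfg > "$demo_cfg"
apply_check_cn "$demo_cfg" no
grep -n 'check_cn' "$demo_cfg"
rm -f "$demo_cfg" "$demo_cfg.bak"
```

On a real hub, run `apply_check_cn` against the hub.cfg path from step 9 and compare the result with the `.bak` copy before restarting the service.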