Site-2-Site VPN on Cisco 2801 and with NAT traverse

Answered Question

Hi Guys,

I would like to configure two Cisco 2801 using IPSEC/IKE. Both routers are connected to the internet via DSL lines. The DSL line have RFC1918 addressing on the LAN side where the routers connected to facing the internet. I can do NAT on the DSL modems.

Do the Cisco IOS 2801 routers allow to configure site-2-site VPN with NAT traverse?

Here is a model of physical/IP setup:

LAN<->2801<-Priv IP->DSL Modem<-Internet->DSL modem<-Priv IP-> 2801<-> LAN

Thanks

Goncalo

I have this problem too.
0 votes
Correct Answer by attrgautam about 9 years 1 month ago

Yes you are good to go only if one or both of the sites has a IP address which is statically natted with the private IP address. Most of the implementation of IPSec on ISR support NAT traverse so that should not be a concern

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
attrgautam Wed, 10/17/2007 - 18:41

Yes you are good to go only if one or both of the sites has a IP address which is statically natted with the private IP address. Most of the implementation of IPSec on ISR support NAT traverse so that should not be a concern

njeaton999 Fri, 11/23/2007 - 10:03

Hi Attrquatum - I have exactly the same config, except my 2811's have WIC1-ADSL cards in them, so that I have NAT and public addresses assigned to each ATM0/0/0. As this is my first ever attempt at site-to-site VPN, might you post (a most simplified) config's to get me started? It would be much appreciated. br

shaunswales Mon, 12/03/2007 - 02:11

Hi There

Also looking for a basic config to get me going, except i'm using a 3600 at HO,and need to connect from home using an 800 series router with an ADSL line... any suggestions?

Actions

This Discussion