VPN and Internet Access

Unanswered Question
Jan 9th, 2008

A 2851 router serves as an end point for an IPSEC vpn between to sites. I would like to now also allow users behind this router to access the Internet. Do I need an additional public ip address or can I hide behind the same IP?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Wed, 01/09/2008 - 10:15


There might be something in your requirements or in your environment that we do not yet know that might change this. But in general you should be able to allow traffic going out the outbound interface to the Internet as well as VPN traffic to a remote peer without needing a second IP address.

You would need to be careful with the access list which defines traffic to be protected by the IPSec VPN so that only traffic that is really going to the remote peer is processed by VPN and the other traffic just exits the outbound interface (doing NAT I assume).



101pch382 Wed, 01/09/2008 - 10:31

Is there some configuration documentation I can refer to in assisting me with this configuration?


This Discussion