01-09-2008 09:51 AM - edited 03-05-2019 08:22 PM
A 2851 router serves as an end point for an IPSEC vpn between to sites. I would like to now also allow users behind this router to access the Internet. Do I need an additional public ip address or can I hide behind the same IP?
01-09-2008 10:15 AM
Ron
There might be something in your requirements or in your environment that we do not yet know that might change this. But in general you should be able to allow traffic going out the outbound interface to the Internet as well as VPN traffic to a remote peer without needing a second IP address.
You would need to be careful with the access list which defines traffic to be protected by the IPSec VPN so that only traffic that is really going to the remote peer is processed by VPN and the other traffic just exits the outbound interface (doing NAT I assume).
HTH
Rick
01-09-2008 10:31 AM
Is there some configuration documentation I can refer to in assisting me with this configuration?
01-09-2008 11:16 AM
Ron
See if this link has helpful information:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide