VPN and Internet Access

101pch382 · ‎01-09-2008

A 2851 router serves as an end point for an IPSEC vpn between to sites. I would like to now also allow users behind this router to access the Internet. Do I need an additional public ip address or can I hide behind the same IP?

Richard Burts · ‎01-09-2008

Ron

There might be something in your requirements or in your environment that we do not yet know that might change this. But in general you should be able to allow traffic going out the outbound interface to the Internet as well as VPN traffic to a remote peer without needing a second IP address.

You would need to be careful with the access list which defines traffic to be protected by the IPSec VPN so that only traffic that is really going to the remote peer is processed by VPN and the other traffic just exits the outbound interface (doing NAT I assume).

HTH

Rick

HTH

Rick

101pch382 · ‎01-09-2008

Is there some configuration documentation I can refer to in assisting me with this configuration?

Richard Burts · ‎01-09-2008

Ron

See if this link has helpful information:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

HTH

Rick

HTH

Rick