EZ VPN client in DMZ and a router-on-a-stick

Alltimed
Level 1

Does anyone know if it is possible to use a Cisco 1811 as an EZVPN client while the router is set up with only one interface? I have a customer that requested their VPN router to us be set up in their DMZ with no public-facing interface on the 1811 (VPN device). I usually configure our VPN configurations with an internet-facing interface and a DMZ-facing interface.

3 Replies

andrew.prince
Level 10

This is possible - you would terminate the VPN on the router in the DMZ. Once connected - you have a route map to set the next hop of the inside network from the router for the VPN IP Pool of addresses.

HTH

ovt
Level 4

I don't think it is possible with only one *logical* interface. A router as an EZVPN Client requires two interfaces to do PAT for traffic going to the Internet. So far as I know, this is autoconfigured in both Client and NEM modes and cannot be disabled. However, you *can* use an 802.1q trunk to create two *logical* interfaces and configure EZVPN Client, or just configure Site-to-Site on a stick.

HTH

I was able to accomplish this by using a loopback interface.
