Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
0
Helpful
1
Replies

VPN Tunnel problem | outside interface has private IP

m.samouka
Level 1
Level 1

‎06-11-2009 08:53 AM - edited ‎03-04-2019 05:05 AM

Hi all,

I don't know if this is a wired case or not!

When our ISP provide us with an Internet connection our Real IP is configured on the Ethernet interface, while the serial interfaces have a private IP address.

The problem here comes when i'm trying to configure a VPN tunnel to another Router.

Every thing in the configuration is smooth except the part where i set that the Serial interface is my outside.

The tunnel is always down coz the IP address will be my Private (serial interface) while the configuration on the peer router is my public IP.

So i'm wondering is there a way that i can force the VPN tunnel to take the IP configured on the LAN side? Or any other work around?

Building configuration...

Current configuration : 2372 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

boot-start-marker

boot system flash c1841-advsecurityk9-mz.124-23.bin

boot-end-marker

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp policy 2

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key ************ address 144.254.x.y

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to144.254.x.y

set peer 144.254.x.y

set transform-set ESP-3DES-SHA

match address VPN_Traffic

!

!

!

interface FastEthernet0/0

ip address 10.55.218.1 255.255.255.0 secondary (My Internal Subnet)

ip address 196.219.a.b 255.255.255.224 (My Public IP)

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

no keepalive

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

encapsulation frame-relay IETF

frame-relay lmi-type q933a

!

interface Serial0/0/0.16 point-to-point

ip address 172.16.133.2 255.255.255.252

ip nat outside

ip virtual-reassembly

snmp trap link-status

frame-relay interface-dlci 16

crypto map SDM_CMAP_1

!

interface Serial0/0/1

no ip address

encapsulation frame-relay IETF

ignore dcd

frame-relay lmi-type q933a

!

interface Serial0/0/1.16 point-to-point

ip address 172.16.134.2 255.255.255.252

ip nat outside

ip virtual-reassembly

snmp trap link-status

frame-relay interface-dlci 16

crypto map SDM_CMAP_1

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial0/0/1.16

ip route 0.0.0.0 0.0.0.0 Serial0/0/0.16

!

ip access-list extended VPN_Traffic

remark Protect traffic from Local subnet to any Destination

remark SDM_ACL Category=4

permit ip 10.55.218.0 0.0.0.255 any

!

scheduler allocate 20000 1000

end

Labels:
0 Helpful
1 Reply 1

mlitka
Level 2
Level 2

‎06-11-2009 09:40 AM

Does this router have a static NAT statement on the upstream device?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card