help needed - tunnel from behind ADSL router

Oct 11th, 2009

I have a situation in which I need to set up an IPSec tunnel between two 1841 routers. This is normally a two-minute job; in this case, however, one of the routers sits on a private LAN behind an ADSL router (at the moment there is no reasonable way to get around it).



Thus:

1841-1 <-> WAN <-> ADSL Router <-> 1841-2

1841-1
    FE0/1 Private LAN 172.16.1.1
    FE0/0 Public IP
  |
WAN
  |
ADSL Router
    Public IP
    NAT
    Private LAN1 192.168.0.1
  |
1841-2
    FE0/0 LAN1 IP 192.168.0.1
    FE0/1 LAN2 IP 172.16.0.1



172.16.1.0-172.16.0.0 need to communicate over the IPSec tunnel.



Could you please advise me on 1) what is the most practical way to set this up without losing sanity; and 2) could you maybe point me to some documentation that deals with this specific scenario?



Thanks.

Patrick0711 Tue, 10/13/2009 - 19:52

Does '1841-2' have a corresponding public IP?


If so, there should be no issue establishing an IPSEC VPN using the public IP address.


If there is not a public IP for '1841-2' I cannot see any way that you'd be able to get this to work.

_wacolaco_ Wed, 10/14/2009 - 07:03

'1841-2' does not have a public IP (it "fakes" having one).

The IPsec tunnel is fully working now.


In the process though I have learned that it depends on what ADSL modem you are using to get this working.


Check out http://kb.juniper.net/KB4715 for example (this is the one I got working).


You can thus give your Cisco router a private IP behind the ADSL router and then follow the steps from the knowledge base article above on the ADSL modem (if you have the same type available).

In addition, on your Cisco router you need to add a loopback 0 interface and give it the public IP of your ADSL router (yes - your ADSL router WAN interface and the loopback interface on your Cisco router now have the same public IP).

As the last step, on your Cisco router, change the tunnel interface: source interface loopback 0 and destination your remote gateway.

I am going to try different modems; many models can actually do this, but the documentation is often unimpressive.

It is possible that there are better ways to do this; if so, please let me know.


If you wish to have more details about the set-up, let me know.


Thanks.
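
The loopback and tunnel-source steps described in the post above, written out as an added IOS example for 1841-2; it is not the poster's configuration. Assumptions: a static VTI (`tunnel mode ipsec ipv4`) with a pre-shared key, /24 masks on the private LANs, the 10.255.255.0/30 tunnel addressing, the names `TS-AES256` and `VTI-PROFILE`, and the documentation-range addresses standing in for the real public IPs.

```cisco
! Constructed example for 1841-2 (the router behind the ADSL router).
! Placeholders (assumptions, not values from the thread):
!   203.0.113.10     public IP of the ADSL router's WAN interface
!   198.51.100.1     public IP of 1841-1 (the remote gateway)
!   <PRE-SHARED-KEY> replace with a long random key, identical on both ends
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 ! use the strongest DH group the installed IOS image offers
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
!
! Loopback carries the same public IP as the ADSL router's WAN interface
interface Loopback0
 ip address 203.0.113.10 255.255.255.255
!
! Tunnel is sourced from the loopback, so IKE and ESP packets leave
! with the public address instead of the private FE0/0 address
interface Tunnel0
 ip address 10.255.255.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 198.51.100.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! Reach the LAN behind 1841-1 through the tunnel (mask assumed /24)
ip route 172.16.1.0 255.255.255.0 Tunnel0
```

After applying it, `show crypto isakmp sa` and `show crypto ipsec sa` show whether both phases came up and whether the packet counters increase in both directions.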
