Router/VPN concentrator setup.

Unanswered Question
Oct 15th, 2009

We are trying to optimize our network set up, and would like to give our vpn concentrator a public ip.

Our ISP has given us a serial ip address of (ip address made up, but last 2 octets are real) which is currently going to our cisco 2811 router.

We have a public ip address range of

We would like to give the vpn concentrator a public ip of

There is an hwic on the 2811 router which has 4 open switch ports.

I ran a cable from one of these ports on the router to the vpn concentrator, but I don't know what gateway to tell the concentrator to use since the serial ip is not on the same subnet as our public ip range.

Is there an optimal way to do this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Thu, 10/15/2009 - 14:06

Hello William,

in this case you should assign an IP address from the pool to the Vlan SVI interface to be able to act as default gateway for the VPN concentrator.

the interface Vlan could be the first IP address on range:

vlan database

vlan 10



int vlan 10

ip address

the etherswitch port has to be associated to Vlan 10

int fasx/y


switchport mode access

switchport access vlan 10

desc to vpn concentrator


you need also to exclude the ip address assigned to the vpn concentrator from the NAT pool definition.

Hope to help



This Discussion