Cisco Support Community
Community Member

Using a router for both Internet and branch office WAN


I have one 2610 router at each of my two offices. These routers are connected to Internet . Both the routers have additional serial and ISDN BRI WAN ports. I want to use these ports to connect the two offices.

I was told that the router connected to the internet cannot be used for private WAN. Is this true?

If this is possible please help me by giving configuration required :

1) what to NAT and what not to NAT

2) The interface used for private WAN should be defined as an inside interface or an outside interface.



Re: Using a router for both Internet and branch office WAN

Nope--it's not true. The configuration will be a little more complex, but it is possible. What is most likely to be the easiest way to handle this is to set up the defaults towards the internet on both routers (which I assume you already have), then use route maps with extended access lists to set up the nat translation pools. For instance:

10.x 10.x

| |


| |

\ /


On both routers, create your nat pool, then:

ip nat inside source route-map foo pool


route-map foo permit 10

match ip address 101


access-list 101 deny ip any

access-list 101 permit ip any any


This should weed out the traffic destined to the other site from being nat'd. You could also match on the outbound serial interface towards the internet on both routers, or (negative) match on the bri towards the other site.

This should get you enough to build something that works out of it.


Community Member

Re: Using a router for both Internet and branch office WAN

You can use the router for both, however from a security standpoint the Cisco Safe blueprint would probably not recommend it.

You can NAT on the router or depending on the size of your firm and configuration buy two PIX 501's and create a VPN, or 1700's are cheap these days for the point to point.

CreatePlease to create content