Cisco Support Community
Community Member

2600 router as a VPN endpoint


I have an extra 2600 series router lying around and I'd like to use it as a VPN server but not as an Internet gateway/firewall. I want it to be a LAN host on an existing NAT'ed network. It would basically be using the same interface for the incoming and the outgoing traffic. Is this doable?

Thank you!


Re: 2600 router as a VPN endpoint

Yes, you can use a 2600 router as a VPN server. Refer to Configuring IOS-to-IOS IPSec Using AES Encryption for information.

Community Member

Re: 2600 router as a VPN endpoint

Thanks, but I have only one router so I'm not sure how the IOS-to-IOS part applies. I know that the router can work as a VPN server if it's also the network gateway, but how do I configure it using just one network interface when it's a LAN host on a network that already uses a different firewall/gateway solution?


Re: 2600 router as a VPN endpoint


1) configure an IP address on your VPN router, let's say Configure default gateway on this router to which is your NAT device (Pix, checkpoint, Linux, whatever),

2) On the NAT device create a static NAT for the VPN router:

Pix: static (i,o) net /32

IOS: ip nat inside source static


ip nat inside source static udp 500 int f0/0 500

ip nat inside source static esp int f0/0

3) allow isakmp and ESP or udp/4500 on your external ACL:

access-list vpn permit udp any host eq 500

access-list vpn permit udp any host eq 4500

access-list vpn permit esp any host

4) apply ACL to external interface of external device:

ip access-group vpn in

5) on the vpn device, configure your VPN device for IPSec,

6) configure static route on the NAT_device so that when it sees IPSec interesting traffic, send it to the


What you're trying to do is often referred to as one-arm VPN routing.

That's it. Very easy.
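An added example, not part of the original reply: a small Python check that the external ACL from steps 3 and 4 permits exactly UDP 500, UDP 4500 and ESP to the VPN router and nothing else. The address 203.0.113.10, the name `audit_acl` and the sample ACL (including its extra telnet line) are constructed for illustration.

```python
import re

# What the reply says the VPN router needs from outside: IKE, NAT-T and ESP.
REQUIRED = {("udp", "500"), ("udp", "4500"), ("esp", None)}
ALIASES = {"isakmp": "500", "non500-isakmp": "4500"}  # IOS port keywords

# Matches the ACL line form used in the reply, with the host address present.
LINE = re.compile(
    r"^access-list\s+\S+\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?:any|host\s+\S+)\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

def audit_acl(text, acl_name, vpn_host):
    """Return (missing, unexpected, unparsed) for permits aimed at vpn_host."""
    seen, unexpected, unparsed = set(), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(f"access-list {acl_name} "):
            continue
        m = LINE.match(line)
        if not m:
            unparsed.append(line)  # malformed entry, e.g. "nay" typed for "any"
            continue
        if m["action"] != "permit" or m["dst"] != vpn_host:
            continue
        port = m["port"]
        entry = (m["proto"].lower(), ALIASES.get(port, port))
        if entry in REQUIRED:
            seen.add(entry)
        else:
            unexpected.append(line)  # opens more than the tunnel needs
    return REQUIRED - seen, unexpected, unparsed

# Constructed sample: one typo and one permit the VPN does not need.
SAMPLE = """\
access-list vpn permit udp any host 203.0.113.10 eq 500
access-list vpn permit udp nay host 203.0.113.10 eq 4500
access-list vpn permit esp any host 203.0.113.10
access-list vpn permit tcp any host 203.0.113.10 eq 23
"""

if __name__ == "__main__":
    missing, unexpected, unparsed = audit_acl(SAMPLE, "vpn", "203.0.113.10")
    print("missing:", missing)
    print("unexpected:", unexpected)
    print("unparsed:", unparsed)
```

A line that fails to parse is reported rather than skipped, because the device would reject it and the service it was meant to permit would stay blocked.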
