Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Callback and VPN with NAT static to dynamic IP

We wont to configure the following Network:

On the Zentral Site is a 2651 Router with 2 Port Fast Ethernet. One Port (Ethernet 0/0) goes to the local Net, one Port (Ethernet 0/1) goes to the Internet. At Ethernet 0/1 we have a static IP Adress from ISP. Also we have on this router a Bri Port. This Port is connected to a 1603 Router which is also connected to the Internet with a dynamic IP Address from ISP. We have installed IPSec software on both routers. We can make a tunnel trough the Internet from 1603 to 2651. We wont build a tunnel from 2651 to 1603. Can I call the 1603 router from Zentral Side, so that the 1603 make a callback to ISP and biuld a tunnel trough the Internet to 2651? Can you tell me how?

When I make the callback to Internet my routing table is wrong. How to configure the second static route to local Network on Central site?

Thank you very much and best requards.

Oliver Kutschenreuter

2 REPLIES
Cisco Employee

Re: Callback and VPN with NAT static to dynamic IP

Since the 1603 is configured to have an ip address negotiated (ie dynamically get an ip address from the ISP), your configuration on the 2651 is probably one of a dynamic wild pre-shared key, in which case the tunnel could only be initiated on 1603 side and not on the 2651 side. If you want the traffic to be initiated too from the 2651, you need to really have a static address assigned to the 1603 so you could configure the 2651 for a proper static peer, and does initiate the traffic to the peer. As it stands really, it doesn't know the ip address of the 1603 to be able to initiate traffic to it.

New Member

Re: Callback and VPN with NAT static to dynamic IP

Thank you very much for your answer. I 've fear for, that it is so. Can you tell me an alternate for or network-design. How can I configure my router in headquarter, that the call to the filials go troght the Internet. We need a high level of securety, and we wont economice or costs. The administrator must take the call to the Filials because the program can 't work other wise.

Thank you in advance.

Oliver Kutschenreuter

144
Views
0
Helpful
2
Replies
CreatePlease to create content