Re: Configuring VPN over ADSL

john.rhyman · ‎11-02-2001

I have the following setup :

|Windows ME|----|adsl router|---internet ---->

|cisco 1720 adsl| ---- |pix 506|--Enterprise network

Since I only have 1 public address on the Cisco 1720 adsl interface, how can I setup both the cisco 1720 adsl router and the pix 506 in order to have a VPN to the enterprise network. Can the 1720 do bridging so that the public address goes to the pix 506?

Many thanks,

John

smahbub · ‎11-08-2001

You’ll have to get another IP address from your provider or use NAT transparency mode with a VPN concentrator instead of a router or PIX.

donnwilliams · ‎11-08-2001

I believe this will work. The tunnel should exist between the adsl router and the 1720. The adsl router should have a filter list (ACL) for the address space of your Enterprise network. When packets match the filter list there sent out the tunnel to the 1720. On the 1720 you will need to have static route statements for the Enterprise network space, which point to the interface of the PIX that's connected to the 1720. So when you try and connect to an address on your Enterprise the adsl router sends the packets through the tunnel encapsulating the actual header using ESP. At the 1720 the ESP header is striped off and the original header is revealed showing the Enterprise address. At that point the 1720 should forward the packet onto the PIX, because of the static route statements and you’re in. I believe that should do it. Please someone correct me if I am wrong.