Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

external interface on vpn concentrator

I have a vpn concentrator 3000 and it has 3 interfaces. One is the private or inside interface, the other is the outside or public interface and the 3rd is the "external" interface.

What exactly would that 3rd interface be used for? Now I have a dmz that I would like to allow to vnp into the inside network. Could I designate the external interface as a "public" interface to allow the dmz to vpn into the external interfce? What would happen if I had 2 public interfaces?


Re: external interface on vpn concentrator


VPN3K 3rd interface (external) function is similar to the private/public interfaces. You can use it to connect your other segment/link,dmz,extranet,partner networks.

You can treat this interface similar to public interface where you need to assign filter to allow specific type of services,protocols and enable proper routing into your internal network.

You can have 2 different external/public networks connected to this box. However, you can only have one (1) interface designated as 'public', which is by default the Public Interface.

In Cisco VPN doc :

Public Interface -- To make this interface a public interface, check the Public Interface check box. A public interface is an interface to a public network, such as the Internet. You must configure a public interface before you can configure NAT and IPSec LAN-to-LAN, for example. You should designate only one VPN Concentrator interface as a public interface.



CreatePlease login to create content