Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

EZ VPN client in DMZ and a router-on-a-stick

Does anyone know if it is possible to use a Cisco 1811 as an EZVPN client

while the router is setup with only one interface? I have a customer that

requested their VPN router to us be setup in their DMZ with no public facing

interface on the 1811 (VPN device). I usually configure our VPN

configurations with an internet facing interface and a DMZ facing interface.

3 REPLIES

Re: EZ VPN client in DMZ and a router-on-a-stick

This is possible - you would terminate the VPN on the router in the DMZ. Once connected - you have a route map to set the next hop of the inside network from the router for the VPN IP Pool of addresses.

HTH>

ovt Bronze
Bronze

Re: EZ VPN client in DMZ and a router-on-a-stick

I don't think it is possible with only one *logical* interface. Router as a EZVPN Client requires two interfaces to do PAT for traffic going to the Internet. So far as I know, this is autoconfigured in both Client and NEM modes and cannot be disabled. However you *can* use 802.1q trunk to create two *logical* interfaces and configure EZVPN Client, or just configure Site-to-Site on a stick.

HTH

New Member

Re: EZ VPN client in DMZ and a router-on-a-stick

I was able to accomplish this by using a loopback interface.

235
Views
0
Helpful
3
Replies
CreatePlease to create content