Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Should be easy .....

Have been working on setting up a VPN w/2620 & 1602R. Have read quite a bit, but can't find what the IP address, source address, & destination address should be - that is, do the source/destination need to be "real" addrs. or can they be on the order of ? Do they need to be on the same subnet ?Does it matter which interface you use for source ? What about the tunnel addr. ? private or global ?

If someone can answer these questions, or point me to a doc. which does, I would appreciate it.

Thanks in advance,


New Member

Re: Should be easy .....

You will need real addresses unless this is not across the Internet or are using some kind of NAT along the way since private addresses will not route across the Internet. The can be on different networks as long as you have connectivity between them. You can use any interface as the source to terminate the tunnel but it should be the interface with the real address on it. If you are using GRE tunnels with your IPSec you can use private addresses on them. Hope this helps.

New Member

Re: Should be easy .....

Right now, just trying to set up GRE tunnel. Little confused (as you can see by my post) about the addressing. We do run NAT, and once I establish the tunnel, will be looking into that piece, as well as IPSec. Lots of issues to deal with, but it'll get there.

Thanks for the information.

New Member

Re: Should be easy .....

Peer interfaces need to be on the outside and you need routable addresses. Now, you can you the network behind both for your address pool because the other router will only see the "REAL" address.