Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN between 2 routers dynamic to static but static site behind FW

Hello,

a small question about design.

if I use the cisco example VPN between 2 routers, one site with dynamic IP

directly connected to Internet,

the other site with static IP (private address) but behind a firewall which does NAT for this hubrouter.

is this recommended or not

because of different proxy-entries on both sides ?

btw We want to use C1721 on both sides , IOS 12.2.4YA2...

Thanks for proposals.

Regards,

Stefan

2 REPLIES
Cisco Employee

Re: VPN between 2 routers dynamic to static but static site behi

As long as the hub router would have an ip address on the translation that is it's own, and you use esp tunneling, then it should work.

If the NAT is a PAT, then that is when you would have issues. Make sure the firewall allows for ike (udp 500) and esp (tcp 50), and the source would be any as the ip from the other router is dynamic.

Regards,

New Member

Re: VPN between 2 routers dynamic to static but static site behi

ok,

thank you for your answer.

regards,

stefan

115
Views
0
Helpful
2
Replies
CreatePlease login to create content