Cisco Support Community
Community Member

VPN with router with private IP address and behind dynamic public ip

Hi,

I have a 1841 router with firewall IOS behind a public IP.

On the remote side I have a 1801 which is behind a modem/router (with dynamic public IP).... therefore it has a private address on its outside interface.

Central Router (Pub IP)---- Internet ---- (Dynamic Pub IP)Modem/router ---- (Private IP)Router

Is it possible to set up an IPsec VPN? I tried a lot of things but nothing works....

Does anyone have a solution with a working configuration?

Regards

5 REPLIES
Silver

Re: VPN with router with private IP address and behind dynamic pu

Hi,

IPsec does not work if a NAT device is in between.

You can try enabling NAT-T on both sides and then connect. Let me know if it works.

HTH

Saju
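How NAT-T notices the NAT device between the two routers, as an added example that is not part of the original thread: during IKEv1 each peer sends NAT-D hashes of the addresses it believes are in use (RFC 3947), and a mismatch with the packet headers actually received moves the session to UDP 4500. The cookies, addresses, translated port and the choice of SHA-1 as the negotiated hash are constructed sample values.

```python
import hashlib
import ipaddress
import struct


def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKEv1 cookies are 8 bytes each")
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()


def build_nat_d(cky_i, cky_r, local, remote):
    """Sender side: first payload covers the remote end, second the local end."""
    return nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)


def detect_nat(cky_i, cky_r, observed_src, observed_dst, natd_remote, natd_local):
    """Receiver side: compare the peer's hashes with the headers actually seen."""
    peer_natted = natd_local != nat_d_hash(cky_i, cky_r, *observed_src)
    self_natted = natd_remote != nat_d_hash(cky_i, cky_r, *observed_dst)
    return {
        "peer_behind_nat": peer_natted,
        "self_behind_nat": self_natted,
        "float_to_udp_4500": peer_natted or self_natted,
    }


# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
SPOKE_PRIVATE = ("192.168.1.2", 500)    # 1801 outside interface (private)
MODEM_PUBLIC = ("203.0.113.45", 1024)   # what the modem/router translates it to
HUB_PUBLIC = ("198.51.100.10", 500)     # 1841 central router


def hub_view():
    """What the central router concludes from the remote router's NAT-D payloads."""
    natd_remote, natd_local = build_nat_d(CKY_I, CKY_R, SPOKE_PRIVATE, HUB_PUBLIC)
    return detect_nat(CKY_I, CKY_R, MODEM_PUBLIC, HUB_PUBLIC, natd_remote, natd_local)


if __name__ == "__main__":
    print(hub_view())
```

The same comparison run on a path without translation returns all three flags false, in which case the peers stay on UDP 500 and plain ESP.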

Community Member

Re: VPN with router with private IP address and behind dynamic pu

I'm not sure but I've read that NAT-T is enabled by default on IOS routers....

Re: VPN with router with private IP address and behind dynamic pu

Hi,

You can use a Cisco Easy VPN setup.

The router behind NAT will be the client, and the router at head office is the server.

This will emulate a client-to-site connectivity type, but you can configure the tunnel to be permanently up.

A fine example:

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080808395.shtml

The other way is to use DMVPN, that has a special protocol to detect the peers behind NAT, but if you have only two endpoints DMVPN makes little sense.

Please rate if this helped.

Regards,

Daniel

Community Member

Re: VPN with router with private IP address and behind dynamic pu

Hi Daniel,

Does it make sense to use Easy VPN if the remote site has a private IP address?

I also had a look at DMVPN but I only have 2 sites... so it takes a lot of configuration for that ;)

Thanks

Re: VPN with router with private IP address and behind dynamic pu

Hi,

Yes, it makes perfect sense to use Easy VPN, since with this you don't need to nail down an IP address as VPN peer on the server.

So even if your provider changes the public IP to which you are NATed on the remote site, you will have no problems connecting.

This replicates the client-to-site VPN behavior where you can connect to the server even if you are behind a NAT/PAT device.

Give it a try.

Regards,

Daniel
