Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
5
Replies

site to site vpn

Go to solution
jopetik09
Level 1
Level 1

‎11-11-2010 04:18 AM

Hi All,

I have the below scenario at one customer site.

R1 (192.168.1.2)----->DSL Modem---->INTERNET----->R2 (202.x.x.x)

Explaination: R1 (IP 192.168.1.2) connected to DSL Modem (DSL Modem has inbuilt dhcp server-192.168.1.1, from which R1 also getting ip). DSL mode has public IP 195.x.x.x at other end and so R1 is able to ping R2 (202.x.x.x).

Now can I establish site to site vpn between R1 and R2?

Is it possible in this scenario?

Thanks in advance.

Jopeti.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to jopetik09

‎11-11-2010 05:51 AM

Jopeti,

You have some options...

For example if R1 modem can be configured to statically redirect IPsec traffic to the internal private IP of R1, then you can set a regular site-to-site VPN using NAT on the modem.

Most of the times this is not done and instead you configure either of the two options that I told you.

You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration or implement an EzVPN configuration.

Federico.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎11-11-2010 05:29 AM

Hi,

You can set up a site-to-site between both sites but regular configuration assumes static public IPs on both ends.

Since one side is having a dynamic IP, then you have two options:

1. Site-to-Site Static-to-Dynamic configuration between both routers

2. EzVPN configuration

Also, I've seen people doing DDNS to create a tunnel when the IP changes.

Hope it helps.

Federico.

0 Helpful

Go to solution
jopetik09
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-11-2010 05:46 AM

Hi Federico,

The R1 is getting private IP (192.168.1.2) from DSL modem not public IP but DSL modem (controling by provider) have public IP at other end.

The R2 have direct DSL connect and fixed with public IP.

Now is it possible to setup site to site vpn?

Jopeti.

0 Helpful

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to jopetik09

‎11-11-2010 05:51 AM

Jopeti,

You have some options...

For example if R1 modem can be configured to statically redirect IPsec traffic to the internal private IP of R1, then you can set a regular site-to-site VPN using NAT on the modem.

Most of the times this is not done and instead you configure either of the two options that I told you.

You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration or implement an EzVPN configuration.

Federico.

0 Helpful

Go to solution
jopetik09
Level 1
Level 1
In response to Federico Coto Fajardo

‎11-11-2010 06:27 AM

Hi Federico,

I have to check with Provider to do port forward to R1

*****You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration*****

Can i have any sample configuration for the above R1 (871)

Jopeti.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents