Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

site to site vpn

Hi All,

I have the below scenario at one customer site.

R1 (192.168.1.2)----->DSL Modem---->INTERNET----->R2 (202.x.x.x)

Explaination: R1 (IP 192.168.1.2) connected to DSL Modem (DSL Modem has inbuilt dhcp server-192.168.1.1, from which R1 also getting ip). DSL mode has public IP 195.x.x.x at other end and so R1 is able to ping R2 (202.x.x.x).

Now can I establish site to site vpn between R1 and R2?

Is it possible in this scenario?

Thanks in advance.

Jopeti.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: site to site vpn

Jopeti,

You have some options...

For example if R1 modem can be configured to statically redirect IPsec traffic to the internal private IP of R1, then you can set a regular site-to-site VPN using NAT on the modem.

Most of the times this is not done and instead you configure either of the two options that I told you.

You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration or implement an EzVPN configuration.

Federico.

5 REPLIES

Re: site to site vpn

Hi,

You can set up a site-to-site between both sites but regular configuration assumes static public IPs on both ends.

Since one side is having a dynamic IP, then you have two options:

1. Site-to-Site Static-to-Dynamic configuration between both routers

2. EzVPN configuration

Also, I've seen people doing DDNS to create a tunnel when the IP changes.

Hope it helps.

Federico.

New Member

Re: site to site vpn

Hi Federico,

The R1 is getting private IP (192.168.1.2) from DSL modem not public IP but DSL modem (controling by provider) have public IP at other end.

The R2 have direct DSL connect and fixed with public IP.

Now is it possible to setup site to site vpn?

Jopeti.

Re: site to site vpn

Jopeti,

You have some options...

For example if R1 modem can be configured to statically redirect IPsec traffic to the internal private IP of R1, then you can set a regular site-to-site VPN using NAT on the modem.

Most of the times this is not done and instead you configure either of the two options that I told you.

You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration or implement an EzVPN configuration.

Federico.

New Member

Re: site to site vpn

Hi Federico,

I have to check with Provider to do port forward to R1

*****You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration*****

Can i have any sample configuration for the above R1 (871)

Jopeti.

Re: site to site vpn

300
Views
0
Helpful
5
Replies