Cisco Support Community

Cannot establish VPN tunnel - Moved VPN gateway behind Internet router

Core issue

The VPN gateway was moved behind the Internet router and now the remote devices cannot access it.

Resolution

  1. Configure static Network Address Translation (NAT) on the Internet router for the VPN gateway address.
  2. Verify that the Internet router is not blocking the VPN traffic with an access list. The ports that need to be opened are shown below.

    • IPSec - UDP 500, protocol ESP, protocol AHP, and UDP/TCP port greater than 1023 used for IPSec over UDP/TCP.
    • PPTP  - protocol GRE and TCP 1723.
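
The two steps above as a Cisco IOS configuration sketch. This is an added example, not part of the original document; the addresses (192.168.1.10 as the VPN gateway, 203.0.113.10 as its public address), the interface names, the ACL name OUTSIDE-IN and port 10000 are assumptions.

```cisco
! Added example. Assumed values: 192.168.1.10 = VPN gateway (inside),
! 203.0.113.10 = its public address, Gi0/0 = outside, Gi0/1 = inside.
!
! Step 1: one-to-one static NAT for the gateway address. A whole-address
! translation (no port keywords) also carries ESP, AH and GRE, which have
! no port numbers that a per-port translation could match.
ip nat inside source static 192.168.1.10 203.0.113.10
!
! Step 2: permit only the VPN traffic listed above toward the gateway.
! Applied inbound on the outside interface, the ACL is checked before the
! outside-to-inside translation, so entries match the public address.
ip access-list extended OUTSIDE-IN
 remark IPsec: IKE (UDP 500), ESP, AH
 permit udp any host 203.0.113.10 eq isakmp
 permit esp any host 203.0.113.10
 permit ahp any host 203.0.113.10
 remark IPsec over UDP/TCP: 10000 is a placeholder, use the gateway's port
 permit udp any host 203.0.113.10 eq 10000
 permit tcp any host 203.0.113.10 eq 10000
 remark PPTP: TCP 1723 control channel and GRE
 permit tcp any host 203.0.113.10 eq 1723
 permit gre any host 203.0.113.10
 remark Keep entries other traffic needs; the implicit deny drops the rest
!
interface GigabitEthernet0/0
 description Outside (Internet)
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group OUTSIDE-IN in
!
interface GigabitEthernet0/1
 description Inside (LAN and VPN gateway)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
```

After a connection attempt, `show ip nat translations` should list the static entry and `show access-lists OUTSIDE-IN` should show match counters increasing on the relevant permit lines; a counter that stays at zero points to traffic being dropped upstream or arriving on a different port or protocol.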
Comments
New Member

When it is said "open port", does this mean opening traffic from outside (Internet) going to inside (LAN/VPN gateway)?

Are we going to do an IP NAT SOURCE STATIC for all the ports mentioned above to the IP address of the VPN gateway?

About the access list: which router interface should we apply it to, and is it INbound or OUTbound?

Many, many thanks.
