I have a 10 Mb Fibre connection coming into a 2821 ISR that is doing NAT, etc. I have had issues in the past getting site-to-site VPNs working on it. The company recently purchased another 2821 with the SSLVPN module in it. I am wondering if I can set this router up strictly for VPN and remote access to offload VPN from the primary router. I want to hang the concentrator 2821 off the main 2821, and I want to give the VPN router one of my public IPs and route all VPN traffic from the main router to the VPN router.
I think this will work but I'm having a problem figuring out what the configuration would look like. If anyone can help me out, maybe point me in the right direction, it would be greatly appreciated.
Hi, I don't see a reason why it should not work. You have the right idea: having both routers running in parallel, as long as each has a public IP facing the outside, just as if you had a VPN 3k concentrator. Same principle. Both routers' FastEthernet interfaces would be touching your internal network, so theoretically there should be no problem.
I will have a public IP on the main router that NATs it to the VPN router. When a remote client VPNs in, they will be accessing the IP that is designated for the VPN router. So when the main router receives that request, it knows that it should go to the VPN router. Does that make sense?
Yes, it makes sense, but I believe when you configure in the MAIN router the other interface with a public IP that is under the same IP scheme as the other interface, you will get an error that the IP address overlaps with the other interface.
I will configure the outside interface with a public IP x.x.x.x. The inside will have a 220.127.116.11 IP with a secondary IP of 172.20.1.1. There will be a NAT entry that says public IP vpn.vpn.vpn.vpn goes to 172.20.1.2, which will be the outside interface of the VPN router. The inside interface IP is where I am having issues deciding how it will be able to access the regular LAN. Am I not getting it? Sorry, still a little green with Cisco.
I see. I have not come across a scenario like this. So your VPN router 172.20.1.2 is ip nat outside; is the inside interface ip nat inside? For the VPN router to know about your LAN there has to be some type of routing going on, either static routing or dynamic routing. Let me ask: have you already tried RA VPN connections to that VPN router, and is that RA connection at least able to ping the VPN router's inside interface?