Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

SA540 - VPN Configuration

Hello, All.

Looking for some routing assistance with an SA540 router connecting to corporate VPN.

We have an odd configuration that is beyond the scope of what I have configured previously with these devices so I'm looking for some advice.

Please see the attached image to understand the configuration of the network:

I am trying to configure the routing to the additional IP addresses listed for the HQ.  The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing.  The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel.

The options I am unsure of for configuration of the SA540 router are:

GW - I believe that I use the internal IP address of the 17.26.120.x router

     - Is this logical since the VPN tunnel

Private - what is this? - the description indicates its for RIP but we are not using that in our environment

We are using NAT for the firewall internally.

The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.

Any suggestions would be appreciated!

Everyone's tags (5)
New Member

SA540 - VPN Configuration

Hiyah Ross,

I am no expert but I took a look at your network diagram. I feel that your topology is working for your three existing connections at your branch office because they are all fitting into the 17.26.X.X subnet. If you want to be able to interconnect your VPN connections in the manner that you are currently suggesting you would then need to either convert your branch office to the 17.17.X.X subnet or convert your HQ subnetting scheme to 17.26.X.X. Test it out and let me know. I think this should work but if not I'll be happy to offer more suggestions



New Member

SA540 - VPN Configuration

Unfortunately your answer is inaccurate. Because he is using /24's everywhere, he has different subnets all throughout his facility therefore to the device they are all independant.

With respect to the GATEWAY address the question is, what is your gateway outside. If you're using the device as the router to the outside World, then the next hop would be the ISP's first Router, otherwise it would be the default router internal facing interface and the Subnet configured on it.

Private means "LAN" -

Public means "WAN" -

CreatePlease to create content