Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
0
Helpful
2
Replies

establish GRE/IPSEC behind router ADSL

Go to solution
adelbano
Level 1
Level 1

‎12-13-2011 04:14 AM - edited ‎02-21-2020 05:45 PM

Hello All. This is my first post. I've look a lot in internet so I don't found any help about this issue.

I want to establish a VPN with GRE between 2 sites but one of them is behind a router ADSL. This router redirects all external traffic to outside router interface.

The problem is that I don't know how to configure this router because in show crypto ipsec sa you can see that local crypto endpt is 192.168.0.147

and the other router receive this IP address to stablish second phase.

I hope this have been  explained clearly.

Thanks a lot experts!!!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
david.tran
Level 4
Level 4

‎12-13-2011 04:59 AM

The problem is so much simpler if both your GRE and IPSec termination endpoint is terminated on the same interface without NAT.  However, things get a bit tricky when you have NAT involved.  In that situation, follows the configuration example below:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

I've labbed this up many years ago and it works fine

View solution in original post

0 Helpful
2 Replies 2

Go to solution
david.tran
Level 4
Level 4

‎12-13-2011 04:59 AM

The problem is so much simpler if both your GRE and IPSec termination endpoint is terminated on the same interface without NAT.  However, things get a bit tricky when you have NAT involved.  In that situation, follows the configuration example below:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

I've labbed this up many years ago and it works fine

0 Helpful

Go to solution
adelbano
Level 1
Level 1
In response to david.tran

‎12-13-2011 06:51 AM

Thank you for you reply!

But I can't adapt this lab to my real scenario. The router ADSL is doing NAT to my Cisco router is a 192.168.0.147 ip address and is not routable. So when the other router receive router source 192.168.0.147 I suppose it can't connect

This is the schema connection.

Cisco Router (192.168.0.147) ---> ADSL Router (Public IP) ---> Internet --->Cisco Router (with Public IP)

I don't know how to change the source IP address in the crypto map to the public IP addres to establish second phase.

Thanks a lot for your help!

Albert.

0 Helpful
Customers Also Viewed These Support Documents