Cisco Support Community
New Member

establish GRE/IPSEC behind router ADSL

Hello All. This is my first post. I've looked a lot on the internet but I haven't found any help about this issue.

I want to establish a VPN with GRE between 2 sites, but one of them is behind an ADSL router. This router redirects all external traffic to the outside router interface.

The problem is that I don't know how to configure this router, because in `show crypto ipsec sa` you can see that the local crypto endpt is 192.168.0.147, and the other router receives this IP address to establish the second phase.

I hope this has been explained clearly.

Thanks a lot experts!!!

Accepted Solutions
Bronze

establish GRE/IPSEC behind router ADSL

The problem is so much simpler if both your GRE and IPSec termination endpoints are terminated on the same interface without NAT. However, things get a bit tricky when you have NAT involved. In that situation, follow the configuration example below:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

I've labbed this up many years ago and it works fine.

New Member

establish GRE/IPSEC behind router ADSL

Thank you for your reply!

But I can't adapt this lab to my real scenario. The ADSL router is doing NAT to my Cisco router, which has the IP address 192.168.0.147 and is not routable. So when the other router receives the router source 192.168.0.147, I suppose it can't connect.

This is the connection schema.

Cisco Router (192.168.0.147) ---> ADSL Router (Public IP) ---> Internet --->Cisco Router (with Public IP)

I don't know how to change the source IP address in the crypto map to the public IP address to establish the second phase.

Thanks a lot for your help!

Albert.
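One way to configure the topology in the diagram above, as an added example (not taken from the thread or from the linked Cisco document): GRE runs between loopbacks and IPsec tunnel mode with NAT-T protects it, so the remote router peers with the ADSL router's public address rather than 192.168.0.147. Assumptions: 203.0.113.10 and 198.51.100.20 are constructed placeholders for the remote router's and the ADSL router's public addresses, the loopback and tunnel addressing and the names GRE-TS, GRE-LOOPBACKS and VPN are constructed, the ADSL router's public address is static, and it forwards UDP 500 and UDP 4500 to 192.168.0.147.

```cisco
! ---- Both routers: identical IKE policy and transform set ----
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode tunnel
! Keep the NAT translation on the ADSL router alive while the tunnel is idle
crypto isakmp nat keepalive 20
!
! ---- Inside router (192.168.0.147, behind the ADSL router) ----
crypto isakmp key REPLACE-WITH-SHARED-SECRET address 203.0.113.10
ip access-list extended GRE-LOOPBACKS
 permit gre host 10.255.0.1 host 10.255.0.2
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set GRE-TS
 match address GRE-LOOPBACKS
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.2
interface FastEthernet0/0
 ip address 192.168.0.147 255.255.255.0
 crypto map VPN
!
! ---- Remote router (public address 203.0.113.10) ----
! Key and peer use the ADSL router's public address, not 192.168.0.147
crypto isakmp key REPLACE-WITH-SHARED-SECRET address 198.51.100.20
ip access-list extended GRE-LOOPBACKS
 permit gre host 10.255.0.2 host 10.255.0.1
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.20
 set transform-set GRE-TS
 match address GRE-LOOPBACKS
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.1
interface FastEthernet0/0
 ip address 203.0.113.10 255.255.255.0
 crypto map VPN
```

With this layout the inside router's `show crypto ipsec sa` still lists 192.168.0.147 as the local crypto endpt, while the remote router lists the translated public address as its remote endpoint. The crypto ACLs match only the loopback-to-loopback GRE flow, so the private 192.168.0.147 address never appears in the phase 2 proxy identities.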
