IPSec VPN using a private ip address

kapoor.rishi
Level 1

Hello All,

 

I need some help. I have been assigned a project wherein I need to connect a Cisco 831 router to the company's headend VPN router. The current setup is as follows:

 

Cisco 831-------(private IP: 192.168.x.x)---------Cisco Internet Router------------(Internet)----------VPN Headend.

 

The Headend router does not accept dynamic tunnels and needs a static peer address, which the Cisco Internet router has. How can I set up a VPN tunnel from the Cisco 831 to the VPN Headend? The problem I am facing is that the Cisco 831 has a private IP which is not reachable over the Internet, hence the VPN headend has no way to reach it to set up the tunnel.

I was considering setting up a tunnel from the Cisco Internet router to the Headend and then specifying the traffic from the Cisco 831 as the interesting traffic, but the concern is that the Internet router is also acting as a NAT router for anything behind the LAN.

 

Please advise what can be done in this situation.

 

Regards


1 Reply 1

Pedro Lereno
Level 1

Hi,

The best way is to set up the "internet router" as the VPN gateway, and on the NAT access-list deny the traffic to the VPN.

 

If both ends are Cisco routers, you should try to implement a VTI tunnel instead of the standard VPN. You do not need to define "interesting traffic"; only add a route to the tunnel for the VPN traffic:

http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629_ps6635_Products_White_Paper.html

 

Best Regards,

 

Pedro Lereno
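
The approach in this reply, written out as an added IOS configuration example that is not part of the original thread or of Cisco's documentation: the internet router terminates a static VTI to the headend and exempts VPN-bound traffic from NAT overload. Every address, interface name, object name and the key placeholder is a constructed assumption; the thread gives none of them.

```cisco
! Constructed placeholder values (assumptions, not from the thread):
!   192.168.10.0/24  LAN behind the internet router (includes the 831)
!   10.0.0.0/8       networks behind the headend
!   198.51.100.1     headend public address
!   FastEthernet0/0  inside (LAN) interface, FastEthernet0/1 outside
!
! IKE phase 1 toward the headend, pinned to its static peer address
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE_SHARED_KEY> address 198.51.100.1
!
! IPsec profile used by the tunnel interface (no crypto map, no crypto ACL)
crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set TS-AES256
!
! Static VTI: whatever is routed into Tunnel0 is encrypted
interface Tunnel0
 ip address 172.16.255.1 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 198.51.100.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/1
 ip nat outside
!
! NAT exemption: deny LAN-to-headend traffic first, translate the rest.
! Tunnel0 is deliberately not an "ip nat outside" interface.
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-OVERLOAD interface FastEthernet0/1 overload
!
! The route replaces the "interesting traffic" definition
ip route 10.0.0.0 255.0.0.0 Tunnel0
```

The headend needs the mirror-image tunnel, a matching IKE policy and transform set, and a route back to the LAN prefix; `show crypto ipsec sa` and `show ip nat translations` confirm that LAN-to-headend packets are encrypted and not translated.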
