IPSec VPN using a private ip address

Hello All,

 

I need some help. I have been assigned a project wherein I need to connect a Cisco 831 router to the company's headend VPN router. The current setup is as follows:

 

Cisco 831-------(private IP: 192.168.x.x)---------Cisco Internet Router------------(Internet)----------VPN Headend.

 

The headend router does not accept dynamic tunnels and needs a static peer address, which the Cisco Internet router has. How can I set up a VPN tunnel from the Cisco 831 to the VPN headend? The problem I am facing is that the Cisco 831 has a private IP which is not reachable over the Internet, hence the VPN headend has no way to reach it to set up the tunnel.

I was considering setting up a tunnel from the Cisco Internet router to the headend and then specifying the traffic from the Cisco 831 as the interesting traffic, but the concern is that the Internet router is also acting as a NAT router for anything behind the LAN.

 

Please advise what can be done in this situation.

 

Regards

1 REPLY

Hi,

The best way is to set up the "Internet router" as the VPN gateway, and on the NAT access-list deny the traffic to the VPN.

 

If both ends are Cisco routers, you should try to implement a VTI tunnel instead of the standard VPN. You do not need to define "interesting traffic"; only add a route to the tunnel for the VPN traffic:

http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629_ps6635_Products_White_Paper.html

 

Best Regards,

 

Pedro Lereno
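
The first suggestion in the reply above (the Internet router as the VPN gateway, with VPN-bound traffic denied in the NAT access-list), written out as an IOS configuration. This is an added example, not part of the original thread: the interface names, addresses, ACL and crypto map names, and the IKE/IPsec parameters are constructed placeholders, and the crypto settings have to match whatever the headend is configured for.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   LAN behind the Internet router (includes the 831): 192.168.10.0/24
!   Networks behind the headend:                       10.0.0.0/8
!   Internet router outside address (static peer):     198.51.100.2
!   Headend peer address:                              203.0.113.1
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
!
crypto ipsec transform-set TS-HEADEND esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Interesting traffic: LAN to the networks behind the headend
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
crypto map CM-HEADEND 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-HEADEND
 match address VPN-TRAFFIC
!
! NAT ACL: the deny line comes first so VPN-bound packets keep their
! private source address and still match VPN-TRAFFIC; everything else
! is translated (PAT) as before.
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.10.0 0.0.0.255 any
!
ip nat inside source list NAT-TRAFFIC interface FastEthernet0/0 overload
!
interface FastEthernet0/1
 description LAN side (Cisco 831 sits behind this interface)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0
 description Internet side, static address known to the headend
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
 crypto map CM-HEADEND
```

The deny entry in `NAT-TRAFFIC` has to mirror the permit entry in `VPN-TRAFFIC`; if the two drift apart, packets are translated before encryption and no longer match the crypto ACL.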
