IPSec VPN with VTI behind DSL router

Hi All,

Is it possible to use a VTI tunnel interface on a router when the outside interface has a private IP address and is connected to a DSL modem with a static public IP address? In other words, the router sits behind the DSL modem.

Router gi0/1          -->  DSL Modem             -->  Internet  -->  to HQ (Firewall with static IP)
Outside 192.168.1.2        WAN static public IP
                           LAN 192.168.1.1

Interface config:

interface GigabitEthernet0/1
 ip vrf forwarding Internet-VRF
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
end

Tunnel config:

crypto isakmp policy 282
 encr aes 256
 authentication pre-share
 group 2
 lifetime 28800
 hash sha
crypto isakmp key 0 PSK address xxx.xxx.xxx.xxx
!
crypto ipsec transform-set aes256-sha esp-aes 256 esp-sha-hmac
 mode tunnel
!
crypto ipsec profile VPN
 set transform-set aes256-sha
 set pfs group2

interface Tunnel1
 ip vrf forwarding Internet-VRF
 ip address 172.27.82.254 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 tunnel source Gi0/1
 tunnel mode ipsec ipv4
 tunnel destination xxx.xxx.xxx.xxx
 tunnel protection ipsec profile VPN

I have been digging into Cisco documentation but have found no answer.

Thanks in advance.
