Is it possible to use a vti tunnel interface on a router when the outside interface has a private IP address connected to a DSL modem with a static public IP address, in other words the router sits behind the DSL modem?
Router gi0/1 --> DSL Modem --> Internet --> to HQ (Firewall with static IP)
Outside 192.168.1.2 WAN static public IP
interface GigabitEthernet0/1 ip vrf forwarding Internet-VRF ip address 192.168.1.2 255.255.255.0 ip nat outside ip virtual-reassembly in duplex auto speed auto end
interface Tunnel1 ip vrf forwarding Internet-VRF ip address 172.27.82.254 255.255.255.252 no ip redirects no ip unreachables no ip proxy-arp tunnel source Gi0/1 tunnel mode ipsec ipv4 tunnel destination xxx.xxx.xxx.xxx tunnel protection ipsec profile VPN
I have been digging into Cisco documentation but have no answer found.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...