Cisco Support Community

New Member

SA 540 routable ip on inside interface

I have a client who recently purchased an SA 540 to replace an old Sonicwall; they had a VPN connection with a medical software company on the old device. The software company says the inside interface of the VPN needs to be a routable (outside IP) as opposed to the usual inside being a private address. My understanding is that the inside address of my side of the VPN would be an outside address that would then be NATted to the server. A friend of mine who is very experienced with Cisco says this can be done on the ASA devices, as he has had to do it with several financial companies' VPNs to his company, but he is not sure about the SA 540 as he has never seen one. Does anyone know if this can be done on SA boxes and, if so, how to configure it?




Re: SA 540 routable ip on inside interface


You can assign a public IP address to the SA's inside interface as well as the ASA's inside interface.

You can also NAT on both units.

What exactly is going to be the purpose of having the inside address a routable address?


New Member

Re: SA 540 routable ip on inside interface

This is a requirement from the medical software company; I think they got tired of dealing with a bunch of internal IPs being the same from all of their clients. Anyway, they require the VPN to look like it's coming from a routable IP on the internal side, which is not how I have always done it.

Usually the VPN gateway is the external IP and the internal LAN is some private IP like 192.168.x.x, but he is saying the inside has to be one of our outside IP addresses for the VPN. So if my WAN interface is 201.100.25.x and my internal is usually 10.0.0.x, and the internal server is really on a 10.0.0.x address, how can I configure the VPN to show the internal LAN to be 201.100.25.x when it is not really that and still get it to the server? The medical company said that we could even use a fake address, as it is not being used for anything but the VPN, and they would input the address on their side. I think they have a Cisco concentrator.

I hope this makes sense as it is confusing to me.

Re: SA 540 routable ip on inside interface

It sounds like they want to communicate with your side via the VPN, but to public IP addresses.

If this is the case, it is not necessary to have the inside configured with public IP addresses. You can just NAT the VPN traffic, so that when the traffic reaches their end, it goes with the routable IP that they need.

In other words, they will think they are talking to a public IP via the VPN, while you're just performing NAT on the appropriate devices that will go through the tunnel.

Makes sense?

