Cisco Support Community

New Member

Sample Configuration

Hi

Please can someone provide a sample configuration for terminating a VPN on the inside interface which has a private address, passing through the outside interface.

I am OK setting up VPNs on the outside interface but I'm struggling to set one up that goes through the firewall.

Thanks

Stuart

4 REPLIES

If you're talking about ASA, I think it can't be done. I once tried very hard and it didn't work as expected.

If you're talking about ISRs then my suggestion is to use a tunnel interface.

New Member

Hi Eduardoaliaga

It was on an ASA 5510.

I gave up in the end and got a static IP for the WAN interface. BT provide the No NAT 5 service so I can't be the only one that has come across this issue.

Thanks for the response though.

Thanks

Stuart

Super Bronze

Hi,

Just out of interest, what was the reason to even attempt to configure the VPN on the "inside" interface of the ASA? I have never run into a situation where I would even need to consider such a setup.

- Jouni

New Member

Hi

The IP address that is assigned to the outside interface (when BT provide 'No NAT 5') is dynamic.

I realise I can set up a VPN with a dynamic address but this will be problematic when dealing with third parties.

The 5 static IP addresses that are assigned are on a different subnet to the one dynamically assigned to the outside interface. BT route the traffic for the static subnet to the dynamically assigned IP address (dynamic peering).

I tried assigning one of the static IPs to an interface and applying the crypto map to the inside (it was a DMZ actually) interface. I also tried NATing the static IP to an inside private address with no luck.

I'd still be interested to know if terminating a VPN through the firewall can be done. There's some stuff on Google that suggests it can be done but I had no success. I couldn't get phase 1 complete. I could see attempts to set it up so the routing and interesting traffic were correctly identified.

Thanks

Stuart
