Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Solution on vpn 3030 concentrator placement

Dear Pros,

Project explanation:

Pair of pix firewall configured as failover.The outside of the pix pair connected to the internet gateway router 3825.Inside of the pix pair connected to the core switch ports configured with the vlan.The configuration as below

Outside :

Active pix out:

Sec.Pix out :

3825 Gieth :

Inside PIX :

Active pix in :

Sec.PIX IN :

Core SVI in : (Gway for the vlan)

I connected the vpn in parallel to the pix firewall so the

vpn 3030 public is, Private is

Please help me to know the following

1.What is the default route on the vpn 3030

2.what are the static routes in the vpn 3030

3.If we have 10 inside networks in then how to assign the static routes on the vpn 3030 to those networks

4.I have only one public IP configured for 3825 ADSL WAN port.How can i use that IP for vpn 3030 to give access to the vpn clients? (static nat?)

Please give me the solution details.




Re: Solution on vpn 3030 concentrator placement

Your limitation here is the single Public IP Address.

With you setup plan (and similar to others), a dedicated Public IP is a must for the VPN3K Public interface to make it work.

But looking at what you have right now (devices, connectivity and available Public IP), I am not sure if this is possible. A (static) NAT on the router still need dedicated Public IP.



Community Member

Re: Solution on vpn 3030 concentrator placement

Dear Kiprawih,

Thank you for your IPS solution.Here to configure the VPN 3030 woth cisco IPSEC client setup, I did the static nat on the router with its dialer0 wan interface public single IP address

#ip nat inside source static (VPN 3030 public ip) (dialer 0 public ip address)

Now i like you to tell me the above is correct and the config details in the vpn 3030 as i asked in my conversations.

I can ping the public vpn 3030 ip address using the dialer 0 wan public IP bacause the static nat is working fine.but i can not access the LAN using the ip sec vpn client.

I configured the vpn 3030 for both IPSEC and pptp client.

Please correct me where i did mistake in the configuration of the both router and vpn 3030.

Thanking you

CreatePlease to create content