Cisco Support Community

two (or more) vpn clients behind one public IP

Hello, community. Please suggest me what to do. I have design problem to implement in our network.

We have large number of remote SOHO routers (87x, 88x) that connects to our network via DMVPN with encryption or EzVPN. Now I've spotted the issue - two clients can't be connected if they have private RFC1918 IPs behind one single public IP. In this case we are using pptp clients with help of "service internal" command, but this is not good solution since mppe is CPU intensive and we are concerned about network security. L2TP without encryption is not the solution also because of security. L2TP with IPSec is not possible since nat traversal is not working in case of single public IP as with DMVPN+ipsec or EzVPN.

So my question is what to select for feature implementation? pros/cons? Thanks in advance.

CreatePlease to create content