12-12-2009 05:46 PM
VPN server is behind the Cisco ADSL 857w router/modem.
From a remote site, we want to establish an IPsec VPN tunnel and a PPTP remote VPN access.
#1. How to configure the 857w to bridge mode or modem only?
#2. If 857w remains as ADSL router/NAT, how to configure this router such that IPSec VPN tunnel can be established and PPTP remote VPN access would work?
Many many thanks.
12-14-2009 12:24 AM
I would not recommend putting your VPN (server) behind NAT. It is doable though.
You will need to open ports for IKE (isakmp) and IPsec (udp/500, udp/4500 for nat-t, and protocols 50 and 51 for esp and ah respectively).
I guess it's possible to do this by the use of a static nat. You will just have to try. What kind of box is your vpn server? ASA? VPN3k?
12-14-2009 05:21 AM
Thanks Kent.
Yeah that is why I ask #1 above if I can configure the 857w to bridge mode or modem mode only so that the VPN box will handle the public ip address.
It is a DFL-860 VPN/Firewall.
I am a bit confused though because I can only do a static NAT (port forward) on the following ports:
udp 500
udp 4500
esp ip 50
but ip 51 is not available.
When I tried to check the protocols/ports available using ACL (using the ? key), they showed there, including GRE ip 47 and other IKE related traffic/ports.
I guess if somebody can help me configure the 857w to a dumb modem, it would be easy for me to configure IPSec site to site VPN and PPTP remote VPN access.
Many many thanks.
12-14-2009 05:35 AM
You are confusing the static with PAT. You're not going to be doing any port address translation, but a static nat translation.
By this I mean that you should dedicate an external IP to use in your static nat for the VPN server. Instead of PAT'ing it.
Refer to this guide http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml :-)
If you desperately want to put your 857 in bridge mode then what you need to read up on is the "bridge-group" functionality. I'm sure you can find this on CCO somewhere!
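The one-to-one static NAT described in the reply above, sketched as a Cisco IOS configuration. This is an added example, not part of the original thread: the interface names (Vlan1, Dialer0), ACL number 110 and both addresses are assumptions, and it presumes a second public IP is routed to the 857W for the VPN box.

```cisco
! Added example. All names and addresses below are assumptions.
! 192.168.1.10 = DFL-860 address on the 857W LAN (constructed)
! 203.0.113.10 = dedicated public IP for the VPN box (documentation-range placeholder)
!
interface Vlan1
 description LAN side, DFL-860 connects here
 ip nat inside
!
interface Dialer0
 description ADSL/WAN side
 ip nat outside
!
! One-to-one static NAT: the whole address is translated, so ESP (50) and
! GRE (47) pass as well as UDP/TCP. A per-port forward (PAT) cannot do that.
ip nat inside source static 192.168.1.10 203.0.113.10
!
! Entries to merge into the inbound ACL that already protects Dialer0
! (110 is a hypothetical number). On the outside interface the ACL is
! evaluated before NAT, so the entries name the public address.
access-list 110 remark IPsec site-to-site: IKE, NAT-T, ESP
access-list 110 permit udp any host 203.0.113.10 eq 500
access-list 110 permit udp any host 203.0.113.10 eq 4500
access-list 110 permit esp any host 203.0.113.10
access-list 110 remark PPTP remote access: control channel plus GRE
access-list 110 permit tcp any host 203.0.113.10 eq 1723
access-list 110 permit gre any host 203.0.113.10
! AH (protocol 51) is left out: its integrity check covers the IP
! addresses that NAT rewrites, so AH does not survive translation.
```

After applying, `show ip nat translations` should list the static entry, and the DFL-860 should be set to use NAT-T since its own address differs from the public one peers see.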