VPN tunnel on a 1712 router with only one interface
I wonder if it is possible to create a VPN tunnel between a Cisco router using only one interface? The same interface would lead to both external and internal networks, like reverse proxies for instance.
Of course the crypto map is configured on this unique interface.
All my attempts failed for the moment. It is only working when configuring one external interface with crypto map and one internal interface.
Re: VPN tunnel on a 1712 router with only one interface
I need to do this configuration because of my customer. He allows only one interface on a dedicated DMZ. Therefore I must configure the router to act as a reverse proxy.
In fact I need to set up a tunnel between a Checkpoint FW and the Cisco router.
Additionally, the Cisco router has only one private address. The NAT is performed by the customer internet firewall.
And the source addresses on my side have to be NATed to a private address 172.31.x.x (PAT) before going to the tunnel.
FW VPN ---------------> Cust Int FW ---> VPN cisco
My Lan (encrypt.domain) Cust.LAN (encrypt.domain)
Since my first post I managed to make this work with a loopback interface and the "set ip next-hop" command: I virtually re-route the encrypted packets through the loopback, then it seems that the router acts as if it has two network interfaces.
But each time I make a change (new NAT, PAT, network address) for my tests (before definitively setting up the VPN) I meet difficulties with ACLs (the one for the route-map, and the one for the crypto map).
The most frequent error message is (when I don't use any route-map): %CRYPTO-4-RECVD_PKT_NOT_IPSEC
I think that I don't clearly understand what to put in the ACLs, and maybe the route-map solution is not the right one for my configuration.