New Member

is public IP to NATed private IP site-to-site VPN possible?

Hi,

My customer has two sites. At one site, DSL is directly connected to the firewall, and it has a fixed public IP.

At the other site, the Internet connection is terminated on a broadband router, and this public IP is used for the internal clients and the firewall.

Now I want to set up a site-to-site VPN between the public IP firewall and the private IP firewall. Is it possible?

Any suggestion in advance is appreciated.

Regards

skrao

3 REPLIES
Gold

Re: is public IP to NATed private IP site-to-site VPN possible?

It's possible only with port forwarding to the firewall's private IP. You must forward UDP port 500 (IKE) and UDP 4500 for NAT traversal.

It should be something like this:

On broadband router

ip nat inside source static UDP private_firewall_IP 500 PublicIP_router 500

ip nat inside source static UDP private_firewall_IP 4500 PublicIP_router 4500

and

On the router's Public interface

ip nat outside

On the router's Public interface

ip nat inside
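
The port forwarding described in the reply above, written out as a full router configuration. This is an added example, not part of the original post: the addresses and interface names are constructed placeholders, and the ACL that limits the forwarded ports to the remote peer is an addition the reply does not mention.

```ios
! Constructed placeholder values (not from the thread):
!   203.0.113.10    public IP of the broadband router
!   192.168.1.2     private IP of the firewall behind it
!   198.51.100.20   fixed public IP of the firewall at the other site
!   GigabitEthernet0/0 = Internet side, GigabitEthernet0/1 = LAN side
!
! Forward IKE (UDP 500) and NAT-T (UDP 4500) to the firewall.
! With NAT-T the ESP payload travels inside UDP 4500, so no separate
! forward for IP protocol 50 is configured here.
ip nat inside source static udp 192.168.1.2 500 203.0.113.10 500
ip nat inside source static udp 192.168.1.2 4500 203.0.113.10 4500
!
! Accept the forwarded ports only from the known VPN peer. An inbound
! ACL on the outside interface is evaluated before NAT, so it matches
! the router's public address, not the firewall's private one.
ip access-list extended VPN-PEER-ONLY
 permit udp host 198.51.100.20 host 203.0.113.10 eq 500
 permit udp host 198.51.100.20 host 203.0.113.10 eq 4500
 deny   udp any host 203.0.113.10 eq 500
 deny   udp any host 203.0.113.10 eq 4500
 permit ip any any
!
interface GigabitEthernet0/0
 description Internet (public side)
 ip nat outside
 ip access-group VPN-PEER-ONLY in
!
interface GigabitEthernet0/1
 description LAN (firewall and internal clients)
 ip nat inside
!
! Checks once the peer has tried to connect:
!   show ip nat translations
!   show access-lists VPN-PEER-ONLY
```

The hit counters on the two `deny` lines show IKE attempts from any address other than the expected peer.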

New Member

Re: is public IP to NATed private IP site-to-site VPN possible?

Thanks for your reply.

The broadband router is not under my control, so I cannot configure NAT on it.

Is there any other way to set up a site-to-site VPN without touching the broadband router?

Regards

skrao

Gold

Re: is public IP to NATed private IP site-to-site VPN possible?

So I am afraid there is no way. When you configure an IPsec tunnel, both endpoints must be reachable through the Internet.
