Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN through Home NAT router

So, I hope this is has a solution here goes:

Have an office with an RV082 as a VPN hosting appliace and main router. I also have two field sales agents who work from home. I would like to connect them and an IP phone to our office lan so I'm looking into VPN to connect their home to my office through their home ISP's. The problem is the BEFSX41's we have won't work from inside their home routers (netgear on one and linksys on the other) even though they pass PPTP traffic. To clarify, they can currently, from a laptop, connect to the RV082 PPTP service.

Does the failure of gateway to gateway negotiation have something to do with the BEFSX41 not having its own public IP address? I'm just afraid that moving the BEFSX41 before their home router will give everyone in their home lan (read: kids) access to the company LAN via the IPSEC tunnel. Also - putting the BEFSX41 as the DMZ device on their home routers did not successfully create a tunnel.

Am I right about the lack of public IP for the outlying offices and is there an elegant solution I'm missing?

Suggestions and questions welcome.

Cisco Employee

Re: VPN through Home NAT router


The BEFSX41 should get a valid ip from the DSL/cable MODEM every time it boots up. With just straight PC traffic there very simple to set up. I'm not sure what the BEFSX41 will do with ip phones and tunnels ETC though of if its even supported. I do know with like an cisco 87x you can set up secure/tunnel ports and and have other port wide open that should not traverse the tunnel and they will also pass ip voice traffic with no issues. You can then connect the BEFSX41 to one of the open ports and the the "Kids" will not have access to the corporate lan and they will also have a few extra ports.

Just an idea.

Thx Steve

Community Member

Re: VPN through Home NAT router


The BEFSX41 is sitting downstream of the end user's home DSL/Cable router - I hadn't considered configuring the BEFSX41 in the "IP Range" mode to avoid the IP of their WIFI router, and then place it upstream of that device. I'll give that a go next. I suspect that once the BEFSX41 gets a publicly routable IP from the DSL/Cable modem we're good to go, but it wasn't when it was sitting downstream of the Modem -> Home WIFI router -> BEFSX41 arrangement. Actually, putting the BEFSX41 upstream of their home router would also give me better QOS control . . hmmm, this might end up being simpler than I was thinking. Thanks for the push.

CreatePlease to create content