Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
3
Replies

NAT for a private IP

Joe Mullis
Level 1
Level 1

‎11-11-2012 05:39 PM - edited ‎03-11-2019 05:21 PM

We have some Cisco 2911's that we are configuring 2 VPN's ( second is for redundancy) We are pretty confident on the failover VPN setup using SLA monitoring.

One thing we are stuck on is the redundant VPN will be setup over a 3G connection provided by verizon. Verizon issues a Private IP ( 192.168.100.X) the far end device terminating the VPN has a public ip of 183.172.22.XX , what kind of NAT translation do I need to make this work ?  Also does Cisco have any good configuration examples for VPN Failover setups for Cisco 2911's?

Any help would be appreciated !

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎11-11-2012 07:03 PM

Hello Joe,

One thing we are stuck on is the redundant VPN will be setup over a 3G connection provided by verizon. Verizon issues a Private IP ( 192.168.100.X???

You will need to perform a port-forwarding for ports UDP 4500 and UDP 500 on the verizon router so that traffic gets redirected to the 2911 router so the tunnel gets stablished.. but the router will have the regular setup,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Joe Mullis
Level 1
Level 1
In response to Julio Carvajal

‎11-13-2012 10:45 AM

So I will be OK using a private IP to initiate the VPN tunnel ? I was assuming I would need a public IP or else the Verizon router assisgning me the private IP would not know how to forward my request out? I am getting little to no help from Verizon on this matter and im just trying to iron out the details.

From my router if verizon gives me 192.168.1.2 and I setup the VPN with this IP, it will get forwarded to verizons router say its 192.168.1.1 that verizon router will not know what to do with my VPN request right? So i circumvent this issue I would need a public IP address from verizon or i would need verizon to push my VPN request out to my far end correct ?

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Joe Mullis

‎11-13-2012 11:38 AM

So I will be OK using a private IP to initiate the VPN tunnel ? I was assuming I would need a public IP or else the Verizon router assisgning me the private IP would not know how to forward my request out?

-You do need a public IP address to be able to communicate to the other site of the VPN, but that will be set on the verizon modem, So you will provide that ip to the other VPN site so they can use it as the VPN peer, Then on your modem or ISP router you will perform the already discussed port-forwarding

I think that explanation answers both questions, let me know if that is not the case!

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card