Site to Site VPN through another Cisco 5516


Need some guidance on adding a Cisco 5505 FW to create a site-to-site VPN across an already in place Cisco 5516.

Adding a VPN = Home Site A (Cisco 5505) > (Existing Firewall) > Client Site B (Cisco 5505)

Existing FW = Cisco 5516

Need to allow some servers on Site A to send data to Site B through a tunnel that flows through the existing 5516. What kind of IP addressing and NATing would be necessary to establish the tunnel? I can't use the existing 5516 FW to create the tunnel with Site B. Does the Site A 5505 need a public or private IP for this to work? What would be the best way to do this?

See attached for what we have come up with so far at a high level. Is ETH1 even necessary on the new 5505, or can we just use one interface? The New OT DMZ interface is where we were thinking of putting the new 5505.

Thanks.


Dennis Mink
VIP Alumni

You would need to stick a public IP address on the 5505 so the remote end can use it as the VPN peer address. The existing 5516 will need to route that public IP address back to the 5505, and it will need to allow ESP and ISAKMP to establish the tunnel.

How many public IP addresses do you have?


Thanks for your reply. Yes, I think we have extra public IPs we can use. Will try to set up that way and see if it works.
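
The firewall-side requirement from the answer above (route the 5505's public IP and permit ISAKMP and ESP), sketched as an ASA configuration fragment for the existing 5516. This is an added example, not configuration posted by anyone in the thread; the addresses are documentation-range placeholders, and the ACL name, interface names and next hop are assumptions.

```cisco
! Added example. All values are constructed placeholders, not from the thread:
!   203.0.113.10   public IP assigned to the new Site A 5505 (its VPN peer address)
!   198.51.100.20  Site B VPN peer
!   192.0.2.2      assumed address of the 5505 on the link facing the 5516
!   outside / ot_dmz  assumed interface names (nameif) on the 5516
!   OUTSIDE_IN        assumed name of the ACL applied inbound on outside

! Permit IKE (ISAKMP, UDP/500) and ESP (IP protocol 50) from the Site B peer only.
! If an ACL is already bound inbound on outside, add these entries to that ACL
! instead of binding a new one: an interface takes one ACL per direction.
access-list OUTSIDE_IN extended permit udp host 198.51.100.20 host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit esp host 198.51.100.20 host 203.0.113.10
access-group OUTSIDE_IN in interface outside

! Only needed when 203.0.113.10 is not on a subnet directly connected to the 5516:
! route the 5505's public address toward the 5505 behind the DMZ interface.
route ot_dmz 203.0.113.10 255.255.255.255 192.0.2.2
```

Scoping both entries to the single Site B peer address keeps the new 5505 from being reachable for IKE or ESP from any other source on the internet.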