I am trying to get a VPN circuit up, but have not been able to get any connectivity over the WAN.
The near-side VPN source (3725rtr) is an internet-facing interface with a public IP.
The remote VPN destination (2621rtr) is an internet-facing interface with a private IP. The 2621 sits behind a border router (7206rtr) with a public IP on it's internet-facing interface and a private IP on it's internal-facing interface (directly connected to the 2621rtr). The remote VPN engineers have expressed no interest in NAT for the VPN destination IP.
Is there a way to route VPN traffic from the VPN source (public IP) to the VPN destination (private IP) without using NAT in the 7206rtr?
I tried to use an "ip route" statement in 3725rtr:
ip route <2621rtr private> <mask> <7206rtr public>
and another one in the 7206rtr:
ip route <2621rtr private> <mask> <FastEthernetx/x>
(the directly connected interface btwn the 7206 and the 2621)
But this doesn't work. I suspect that the problem is due to the fact that private IP's are not routable. Are there other options, protocols, routing statements that will enable this tunnel?
Thanks for any assistance.
Jon