Help Needed - IPSEC from behind ADSL modem

Hello,

I'm hoping you guys might be able to help me out.  I'm trying to set up an IPSec tunnel between 2 3845 routers that each sit in a private LAN behind an ADSL modem.  Each modem does have a static public IP address from the ISP.

Thus:

Cisco 3845-1 <-> ADSL modem <-> WAN <-> ADSL modem <-> Cisco 3845-2

3845-1 Gi 0/0 - private IP
        |
       NAT
        |
ADSL modem/public IP
        |
       WAN
        |
ADSL modem/public IP
        |
       NAT
        |
3845-2 Gi 0/0 - private IP

So I would like to set up IPSEC between the GI 0/0 interfaces on the 3845's.

Any help that could be provided would be much appreciated. 

Thanks,

Jon

1 Reply

Abzal
Level 7

Hi,

The ADSL modem is performing NAT translation, I suppose. I don't know if this config works behind a NAT device; otherwise you will need to do port forwarding to the routers.

Here is a simple config:

3845-1:

crypto isakmp policy 2
 authentication pre-share
crypto isakmp key cisco123 address 1.1.1.2
!
crypto ipsec transform-set Router-IPSEC esp-3des esp-sha-hmac
!
crypto map VPN_MAP 1 ipsec-isakmp
 ! Peer is the public IP of the remote ADSL modem
 set peer 1.1.1.2
 set transform-set Router-IPSEC
 match address 100
!
interface FastEthernet0/0
 description Link to ADSL
 ip address 192.168.2.2 255.255.255.252
 crypto map VPN_MAP
!
interface FastEthernet0/1
 description Link to LAN
 ip address 10.20.10.1 255.255.255.0
!
ip route 10.10.10.0 255.255.255.0 192.168.2.1
!
! Traffic to encrypt: local LAN to remote LAN
access-list 100 permit ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255

3845-2:

crypto isakmp policy 2
 authentication pre-share
crypto isakmp key cisco123 address 1.1.1.1
!
crypto ipsec transform-set Router-IPSEC esp-3des esp-sha-hmac
!
crypto map VPN_MAP 1 ipsec-isakmp
 ! Peer is the public IP of the remote ADSL modem
 set peer 1.1.1.1
 set transform-set Router-IPSEC
 match address 100
!
interface FastEthernet0/0
 description Link to ADSL
 ip address 192.168.1.2 255.255.255.252
 crypto map VPN_MAP
!
interface FastEthernet0/1
 description Link to LAN
 ip address 10.10.10.1 255.255.255.0
!
ip route 10.20.10.0 255.255.255.0 192.168.1.1
!
! Traffic to encrypt: local LAN to remote LAN (mirror of the 3845-1 ACL)
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.10.0 0.0.0.255

Hope it will help.

Best regards,
Abzal
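
Added example, not part of the original posts: a small Python check that the two router configs above agree where IPsec requires it (peers pointing at each other, matching pre-shared key, a common transform set, mirrored crypto ACLs). The names `parse` and `check_pair` are hypothetical, the sample text is constructed from the crypto lines of the reply, and the parser assumes a single ACL in the `permit ip <net> <wildcard> <net> <wildcard>` form used there.

```python
import re

# Constructed sample input: the crypto-relevant lines of the two configs in the reply.
R1 = """\
crypto isakmp key cisco123 address 1.1.1.2
crypto ipsec transform-set Router-IPSEC esp-3des esp-sha-hmac
crypto map VPN_MAP 1 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set Router-IPSEC
 match address 100
access-list 100 permit ip 10.20.10.0 0.0.0.255 10.10.10.0 0.0.0.255
"""
R2 = """\
crypto isakmp key cisco123 address 1.1.1.1
crypto ipsec transform-set Router-IPSEC esp-3des esp-sha-hmac
crypto map VPN_MAP 1 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set Router-IPSEC
 match address 100
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.10.0 0.0.0.255
"""

def parse(cfg):
    """Extract the settings both peers must agree on (simplified: one ACL)."""
    out = {"acl": set(), "keys": {}, "transforms": set(), "peers": set()}
    for line in cfg.splitlines():
        line = line.strip()
        if m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            out["keys"][m[2]] = m[1]            # key indexed by peer address
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", line):
            out["transforms"].add(frozenset(m[1].split()))
        elif m := re.match(r"set peer (\S+)", line):
            out["peers"].add(m[1])
        elif m := re.match(r"access-list \d+ permit ip (\S+ \S+) (\S+ \S+)$", line):
            out["acl"].add((m[1], m[2]))        # (source, destination)
    return out

def check_pair(cfg_a, public_a, cfg_b, public_b):
    """Return the mismatches that would stop the tunnel from negotiating."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    key_a, key_b = a["keys"].get(public_b), b["keys"].get(public_a)
    if public_b not in a["peers"] or public_a not in b["peers"]:
        problems.append("peer addresses do not point at each other")
    if key_a is None or key_a != key_b:
        problems.append("pre-shared keys differ or are missing for the peer")
    if not a["transforms"] & b["transforms"]:
        problems.append("no common transform set")
    if {(dst, src) for src, dst in a["acl"]} != b["acl"]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

Calling `check_pair(R1, "1.1.1.1", R2, "1.1.1.2")` returns an empty list for the configs as posted; the public addresses are the ones used as `set peer` values in the reply.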
