IP Sec VPN connection using the same WAN Peer IP to Another client

usergoogle
Level 1

Hi,

I have a 2900 series router on which I have created an IPsec VPN to connect to one of my clients using the Peer IP and Public IP provided by my ISP.

The router has three interfaces: g0/0, g0/1 and g0/2. Of these, g0/0 connects to the Internet, g0/1 connects to the LAN, and g0/2 is idle. The IPsec VPN's crypto map is applied on the g0/0 interface, which connects to the Internet using the Peer IP and Public IP provided by the ISP.

Now I want to create a similar IPsec VPN with another client.

My First Question

Can I create another IPsec VPN for a new client with the same Peer IP and Public IP that I used for my existing IPsec VPN connection?

My Second Question

If I purchase another link from my ISP, configure it on my g0/2 interface and create an IPsec VPN on it, will the systems connected to g0/1 be able to access both links and both IPsec VPNs?

Jon Marshall
Hall of Fame

Not sure I follow, i.e. you say you already have a VPN with a client and now you want to connect another client but with the same peer IP. What exactly do you mean by peer IP? A different client would surely have a different public IP at their end.

Yes to your second question but you shouldn't have to do this unless you want more bandwidth.

Jon

Peer IP is, say, the WAN IP.

OK, so you mean that I can't use the same Public IP that I have already used to connect to a client using VPN for another new client.

So does that mean that I need to get another new link from my ISP to create another IPsec VPN with a new client?

If you mean that is your WAN IP then presumably the new client has a different public IP than the existing client. If that is the case and the new client is using a different network range then yes you can use the same WAN IP.

To do this you simply have multiple entries in your crypto map and the router works through them until it finds a match which is why the remote networks must be different between clients.

Jon

So with one WAN IP and Public IP I can configure my router to connect to two clients via two IPsec VPNs, as below.

Hi

With your one peer WAN IP address you can create a few IPsec tunnels with other peer addresses; it will be like IPSEC1 (x.x.x.x to w.w.w.w), IPSEC2 (x.x.x.x to z.z.z.z), IPSECN (x.x.x.x to n.n.n.n).

Is the WAN IP a public IP, i.e. is it reachable from the clients?

Not sure what the difference is between WAN IP and public IP.

Jon

My ISP has given me two IP subnets: one, named the Peer IP, is configured on my Internet interface, and the other, the Public IP, is configured for the NAT pool.

Both are reachable by the clients.

Okay that makes sense.

So just to clarify, you would create multiple VPN tunnels just using the WAN IP, i.e. the IP assigned to the physical interface, and you do this by having multiple crypto map entries.

Jon
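
The layout described in the thread (one crypto map on g0/0 with one entry per client), sketched as an added example that is not configuration posted by anyone in the thread. All addresses are documentation-range placeholders, the names OUTSIDE-MAP, TS-AES256, VPN-CLIENT-A and VPN-CLIENT-B are hypothetical, the pre-shared keys are placeholders, and the IKEv1 parameters are assumptions that must match what each client agrees to.

```cisco
! Constructed example: one WAN interface, two site-to-site peers.
! Assumed LAN behind g0/1: 10.10.0.0/16
! Assumed client A: peer 198.51.100.10, remote network 172.16.10.0/24
! Assumed client B: peer 203.0.113.20,  remote network 172.16.20.0/24

crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14

! One key per peer, so that one client's key is useless against the other tunnel.
crypto isakmp key <PSK-CLIENT-A> address 198.51.100.10
crypto isakmp key <PSK-CLIENT-B> address 203.0.113.20

crypto ipsec transform-set TS-AES256 esp-aes 256 esp-sha256-hmac
 mode tunnel

! Interesting traffic per client. The destination networks must not overlap:
! the router walks the crypto map entries in sequence order and uses the
! first entry whose ACL matches.
ip access-list extended VPN-CLIENT-A
 permit ip 10.10.0.0 0.0.255.255 172.16.10.0 0.0.0.255
ip access-list extended VPN-CLIENT-B
 permit ip 10.10.0.0 0.0.255.255 172.16.20.0 0.0.0.255

! Same map name, different sequence numbers: one entry per client.
crypto map OUTSIDE-MAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS-AES256
 match address VPN-CLIENT-A
crypto map OUTSIDE-MAP 20 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-AES256
 match address VPN-CLIENT-B

! Only one crypto map can be bound to an interface, which is why the second
! client is added as a new sequence number rather than as a second map.
interface GigabitEthernet0/0
 crypto map OUTSIDE-MAP
```

After applying it, `show crypto map` lists both entries and `show crypto ipsec sa` shows a separate pair of security associations per peer once traffic matching each ACL has been sent.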