Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
5
Replies

Setup Cisco router to router VPN on side behind another router using NAT?

Tony_MN
Level 1
Level 1

‎12-02-2019 07:44 AM

I have a project I am working on with setting up a VPN between my house and my office network.

At my house I have cisco 2921 router connected to my comcast modem. I am trying to connect to my equipment at my office. It is a Cisco router 2800 series and it sits behind another router that uses NAT, i have no control over that router for anything, ports or otherwise. 

Is it possible to set up VPN to have my networks connected? I have tried to set them up and tunnels, VPN etc will not come up. I currently use REALVNC and their system works very well for always getting to a couple of computers on either end. I am learning Cisco so i wanted to give this a try.

Need help... Is this even possible

 

setup quick and crude description is this :

 

myhomenetwork--(NAT)Cisco2921--comcastmodem-------internet-------buildinglandlordrouter(NAT)---myCisco2800(NAT)---myofficenetwork

 

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎12-02-2019 07:56 AM

There are things that we do not know about your environment and that makes it difficult to give good answers. 

- your 2921 is connected to the comcast modem. Does it have a public IP or a private IP? Does it have a static IP or is it getting an IP dynamically from comcast? Static IP would make it more simple while dynamic IP is possible but more complex.

- at the office the 2800 is behind the building router and NAT is performed. Is there a static NAT for the 2800 outside interface or is it dynamic NAT? If it is dynamic NAT then I believe that site to site vpn from your how network to office network is not going to be possible. Can you provide clarification about these point?

 

HTH

 

Rick

HTH

Rick
0 Helpful

Tony_MN
Level 1
Level 1
In response to Richard Burts

‎12-02-2019 08:03 AM

Thanks for the reply Richard,

2921 at home i set to get public ip from comcast dhcp. and in the past it rarely changes (maybe once a year)

2800 at office is getting it probably from dhcp, however it never changes.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Tony_MN

‎12-02-2019 08:09 AM

Thank you for the additional information. If your 2921 is getting a public IP that does simplify setting up the vpn. However if the office router as configured the peer router for its vpn as your current public IP and your public IP ever changes then the vpn will be broken. How big a concern is this?

 

You tell us that the office 2800 is probably getting its address from dhcp. So it has the same challenge about the impact if its address does ever change. And you have not answered the question about whether NAT for the office 2800 outside interface is dynamic or static. 

 

HTH

 

Rick

HTH

Rick
0 Helpful

Tony_MN
Level 1
Level 1
In response to Richard Burts

‎12-02-2019 08:20 AM

Right now I just need to know this is possible. If I can set it up with current equipment. I will get it going and tinker with it from there on.

I am not concerned about the IP's changing right now. If it works for a week right now I would be happy. and I do not expect the IP's to change for much longer if they do at all.

 

I set up 2800 outside as static. I believe that on landlords it is dynamic but my equipment is always connected so it seems to be always the same address....

 

 

0 Helpful

Tony_MN
Level 1
Level 1
In response to Tony_MN

‎12-02-2019 08:23 AM

I set everything up this way because I had other consumer equipment in place and I set the cisco equipment up at home in lab to be plug n play swaping the consumer equipment with cisco without effecting the lans
0 Helpful
Customers Also Viewed These Support Documents