11-29-2012 07:25 PM - edited 03-04-2019 06:16 PM
Hello,
Here is my client's network diagram
Internet connection -> firewall -> router -> switch
The outside interface of the firewall is connected to the Internet with a static or dynamic public IP address. The private IP addresses are configured on the inside interface of the firewall and on the router.
My client wants to terminate the site-to-site VPN on the Cisco router. Keep in mind the router has a private IP address. Will that be possible? Can you please advise?
Regards,
Joe
11-29-2012 08:24 PM
12-03-2012 12:10 PM
Hi Samy,
Looks like I need to run dynamic VPN on the router, same question... Can I terminate the VPN on the private IP address of the router?
Regards,
Joe
12-03-2012 02:00 PM
Could I ask the reason behind the decision to terminate this VPN on the router?
12-04-2012 03:37 AM
Joe
One of the requirements for establishing a VPN is that the remote device must have IP connectivity to the VPN end point without using the tunnel. Can the remote device access the router interface when it has a private address? With static address translation it might be possible. Without static address translation it would not be possible.
HTH
Rick
12-04-2012 07:34 PM
Hi Rick,
Can I configure the one to one NAT on the firewall and terminate the VPN on the router?
Regards,
Joe
12-05-2012 09:47 AM
Hi Joe,
Which device (router or firewall) is the VPN endpoint peer?
Joshua
12-06-2012 07:12 PM
Hi Joshua,
The endpoint peer is the router.
Thanks!
Joe
12-07-2012 07:38 AM
You will need to set up a VIP on the firewall (or whatever your firewall vendor calls it) so that traffic hitting the public address is forwarded to the private address of your internal router. You would need a rule on the firewall to allow the VPN traffic through. It is a bit of a weird thing to do though because you are bypassing the firewall by tunneling through it.
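An added example, not part of any post in this thread, of the static NAT plus firewall rule described above. It assumes the firewall is a Cisco ASA running 8.3 or later with a spare static public address; the object and ACL names and all addresses (192.168.1.2, 203.0.113.10) are placeholders.

```cisco
! Constructed example: ASA 8.3+ syntax, placeholder names and addresses.
! One-to-one static NAT: the public address maps to the router's
! private address on the inside network.
object network INSIDE-ROUTER
 host 192.168.1.2
 nat (inside,outside) static 203.0.113.10
!
! Forward only what IPsec needs instead of permitting all IP to the router.
! IKE negotiation:
access-list OUTSIDE-IN extended permit udp any object INSIDE-ROUTER eq isakmp
! NAT-T (IKE and ESP encapsulated in UDP 4500), which the peers negotiate
! once they detect the address translation in the path:
access-list OUTSIDE-IN extended permit udp any object INSIDE-ROUTER eq 4500
! Native ESP (IP protocol 50), only used if NAT-T is not negotiated:
access-list OUTSIDE-IN extended permit esp any object INSIDE-ROUTER
!
access-group OUTSIDE-IN in interface outside
```

The source is `any` because the remote peers' addresses are assumed unknown; where a peer has a fixed address, replace `any` with `host <peer address>`. Traffic inside the tunnel is decrypted on the router, so any filtering of it has to happen on the router itself.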