Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
858
Views
0
Helpful
8
Replies

Site to Site VPN issue

Joe Lee
Level 1
Level 1

‎11-29-2012 07:25 PM - edited ‎03-04-2019 06:16 PM

Hello,

Here is my client's network diagram

Internet connection-> firewall -> router-> switch

The outside interface of the firewall is connected to the internt with static or dynamic public IP address; The private IP addresses are configured in the inside interface of the firewall and the router.

My client wants to terminate the site to site VPN on the Cisco router. Keep in mind the router has private IP address. Will that be possible? Can you please advise?

Regards,

Joe

Labels:
0 Helpful
8 Replies 8

KARUPPUCHAMY MALAIYANDI
Level 4
Level 4

‎11-29-2012 08:24 PM

Here you go

https://supportforums.cisco.com/thread/343363

Thanks / Samy

0 Helpful

Joe Lee
Level 1
Level 1
In response to KARUPPUCHAMY MALAIYANDI

‎12-03-2012 12:10 PM

Hi Samy,

Looks i need to run dynamic VPN on the router, same question...Can i terminate the VPN on the private IP address of the router?

Regards,

Joe

0 Helpful

Aileron88
Level 1
Level 1
In response to Joe Lee

‎12-03-2012 02:00 PM

Could I ask the reason behind the decision to terminate this VPN on the router?

Sent from Cisco Technical Support iPad App

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Aileron88

‎12-04-2012 03:37 AM

Joe

One of the requirements for establishing a VPN is that the remote device must have IP connectivity to the VPN end point without using the tunnel. Can the remote device access the router interface when it has a private address? With static address translation it might be possible. Without static address translation it would not be possible.

HTH

Rick

HTH

Rick
0 Helpful

Joe Lee
Level 1
Level 1
In response to Aileron88

‎12-04-2012 07:34 PM

Hi Rick,

Can I configure the one to one NAT on the firewall and terminate the VPN on the router?

Regards,

Joe

0 Helpful

jowegrzy
Level 1
Level 1
In response to Joe Lee

‎12-05-2012 09:47 AM

Hi Joe,

Which device ( router or firewall ) is the VPN endpoint peer?

Joshua

0 Helpful

Joe Lee
Level 1
Level 1
In response to jowegrzy

‎12-06-2012 07:12 PM

Hi Joshua,

The end poin peer is the router.

Thanks!

Joe

0 Helpful

mfurnival
Level 4
Level 4

‎12-07-2012 07:38 AM

You will need to setup a VIP on the firewall (or whatever your firewall vendor calls it) so that traffic hitting the public address is forwarded to the private address of your internal router. You would need a rule on the firewall to allow the VPN traffic through. It is a bit of a weird thing to do though because you are bypassing the firewall by tunneling through it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card