Here is my client's network diagram:
Internet connection -> firewall -> router -> switch
The outside interface of the firewall is connected to the Internet with a static or dynamic public IP address; the private IP addresses are configured on the inside interface of the firewall and on the router.
My client wants to terminate the site-to-site VPN on the Cisco router. Keep in mind the router has a private IP address. Will that be possible? Can you please advise?
Looks like I need to run dynamic VPN on the router, same question... Can I terminate the VPN on the private IP address of the router?
One of the requirements for establishing a VPN is that the remote device must have IP connectivity to the VPN end point without using the tunnel. Can the remote device access the router interface when it has a private address? With static address translation it might be possible. Without static address translation it would not be possible.
You will need to set up a VIP on the firewall (or whatever your firewall vendor calls it) so that traffic hitting the public address is forwarded to the private address of your internal router. You would need a rule on the firewall to allow the VPN traffic through. It is a bit of a weird thing to do though because you are bypassing the firewall by tunneling through it.