Traffic passthrough on specific IP

Rene Mueller · ‎10-02-2019

Hello,

there is a Cisco 800 Series Router which is our Internet Gateway. It has a static public IP. Now we want to setup a secondary public static IP to the Routers outside Interface and want to passthrough all traffic which comes in on this new IP to an internal VPN Router. How is that possible? I am thinking of route maps and NAT, but not sure.

Maybe someone can help me out?

Thanks,

Georg Pauwen · ‎10-02-2019

Hello,

you need to configure IPSec passthrough on your 800 router. Is the VPN router a Cisco router as well ?

Have a look at the document below:

IOS Router to Pass a LAN-to-LAN IPSec Tunnel via PAT Configuration Example

https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/23820-ios-pat-ipsec-tunnel.html

Rene Mueller · ‎10-02-2019

the other Router is not a Cisco Router. And I need to forward all kind of traffic which comes in on this specific second IP, not only VPN traffic? Is there an option?

Georg Pauwen · ‎10-02-2019

Hello,

the sample document is not specific for a Cisco router, the important thing is the configuration of the PAT (the 800 in your case) router.

If there is npn-VPN traffic that needs to get to that second router, you can just exclude it from being encrypted and use 'regular' routing.

Rene Mueller · ‎10-02-2019

Is it possible to pass vpn traffic to the second vpn router although these kind of protocols are used on the first router? Like if I pass vpn traffic which comes in on the second IP address of the same outside Interface. And all other VPN Traffic which comes in on the first IP will be terminated and used on the first router.

Example:

When I try to setup an "ip nat inside source static 192.168.1.1 22 9.9.9.9 22" it says that the Port 22 is being used by system. In this example IP 9.9.9.9 is the secondary public IP.