12-26-2021 08:54 AM
Hi Folks.
I recently passed my ENCOR exam, yet a new work project I have is revealing 2 questions I've had for a while...
Question1: How does the ISP work with the enterprise when the enterprise wants to use a public IP address on its border router? What is expected of the ISP? Will the enterprise need to set up BGP routing on its border router?
Question 2a: Without a DMVPN setup, is it possible (however impractical) to set up a VPN in which a public IP addressed, pre-configured router plugs into an ethernet port at a residence, probably inside an ISP's private network, so that the router will achieve VPN connectivity to the enterprise office?
Question 2b: Is the above solution possible if the router does not locate behind a NAT gateway?
Thank you!
Jim
(ENCORE 12.21)
Solved! Go to Solution.
12-29-2021 04:35 AM
Hi
Question1: How does the ISP work with the enterprise when the enterprise wants to use a public IP address on its border router?
Enterprise using public IP address is actually the usual. And this is not a problem for ISPs as they provide the IP address rang for enterprises.
What is expected of the ISP?
IP address range, Gateway, Subnet mask, routing protocol, if that the case.
Will the enterprise need to set up BGP routing on its border router?
It dependes on what you are trying to do. Most, if not , all enterprise I konw use BGP but this is not required in most case. If you are using only one ISP, even a static route can solve your problem. If you are using multiples ISP and you want to play with load balance, redundance, etc, you may want to have BGP in between. You may want to have your own Autonomous System.
Question 2a: Without a DMVPN setup, is it possible (however impractical) to set up a VPN in which a public IP addressed, pre-configured router plugs into an ethernet port at a residence, probably inside an ISP's private network, so that the router will achieve VPN connectivity to the enterprise office?
Of course it is possible. To stablish a VPN tunnel you need to have connectivity and firewall rules allowing VPN traffic, if that is the case. You probably will pass through some NAT.
Question 2b: Is the above solution possible if the router does not locate behind a NAT gateway?
You need to keep in mind that to stablish VPN, you need to have connectivity between VPN gateways. Then, I´ll make you a question. Does the device incide you home connected to your ISP is able to ping or have connectivity to another device inside your company without NAT ? If your answer is Yes, then, you are able to stablish a VPN tunnel between them.
The answer is probably No. Then, you need to pass through some Firewall and NAT.
12-29-2021 04:35 AM
Hi
Question1: How does the ISP work with the enterprise when the enterprise wants to use a public IP address on its border router?
Enterprise using public IP address is actually the usual. And this is not a problem for ISPs as they provide the IP address rang for enterprises.
What is expected of the ISP?
IP address range, Gateway, Subnet mask, routing protocol, if that the case.
Will the enterprise need to set up BGP routing on its border router?
It dependes on what you are trying to do. Most, if not , all enterprise I konw use BGP but this is not required in most case. If you are using only one ISP, even a static route can solve your problem. If you are using multiples ISP and you want to play with load balance, redundance, etc, you may want to have BGP in between. You may want to have your own Autonomous System.
Question 2a: Without a DMVPN setup, is it possible (however impractical) to set up a VPN in which a public IP addressed, pre-configured router plugs into an ethernet port at a residence, probably inside an ISP's private network, so that the router will achieve VPN connectivity to the enterprise office?
Of course it is possible. To stablish a VPN tunnel you need to have connectivity and firewall rules allowing VPN traffic, if that is the case. You probably will pass through some NAT.
Question 2b: Is the above solution possible if the router does not locate behind a NAT gateway?
You need to keep in mind that to stablish VPN, you need to have connectivity between VPN gateways. Then, I´ll make you a question. Does the device incide you home connected to your ISP is able to ping or have connectivity to another device inside your company without NAT ? If your answer is Yes, then, you are able to stablish a VPN tunnel between them.
The answer is probably No. Then, you need to pass through some Firewall and NAT.
01-01-2022 06:08 AM
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide