Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4834
Views
0
Helpful
4
Replies

site-to-site vpn behind provider router (adsl)

danielscharf
Level 1
Level 1

‎09-07-2011 11:06 PM - edited ‎03-07-2019 02:05 AM

Hi,

we have a working gre/ipsec vpn connection between branch office (2 x cisco 1800 series) and headquarter. Now we have to change on branch site from provider with static ip addresses for our routers to an adsl-internet access using private ip addresses on the adsl-router's private site... what change are neccessary to get the vpn working?

I there a cisco documentation / configuration example available. I cannot find some thing like this.

thank you a lot!

kind regards

Daniel Scharf

Labels:
0 Helpful
4 Replies 4

rosscourtnell
Level 1
Level 1

‎09-08-2011 05:15 AM

Hi Daniel

If I am reading your post correctly, the only thing that would need to be changed is the peer ip of the remote site on your headquarters VPN device. This would be the public IP of your new adsl connection.

HTH

Ross

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to rosscourtnell

‎09-08-2011 06:46 AM

Hi Daniel,

If I understand correctly, your internet connection at branch will be changed to ADSL where you dont have public IP.


You can set up a site-to-site between both sites but regular configuration assumes static public IPs on both ends.

Since one side is having a dynamic IP, then you have two options:


1. Site-to-Site Static-to-Dynamic configuration between both routers
2. EzVPN configuration
Also, I've seen people doing DDNS to create a tunnel when the IP changes.


And also you have some options...

For example if R1 modem can be configured to statically redirect IPsec traffic to the internal private IP of R1, then you can set a regular site-to-site VPN using NAT on the modem.


Most of the times this is not done and instead you configure either of the two options that I told you.

You can definitely configure a Site-to-Site tunnel between both sides, the tweak is that you must adapt it to Static-to-Dynamic configuration or implement an EzVPN configuration.


Hope the below link will help you more.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml


Please rate the helpful posts.
Regards,
Naidu.

0 Helpful

danielscharf
Level 1
Level 1
In response to Latchum Naidu

‎09-08-2011 11:07 PM

Hi guys,

thank you for your replies!

The branch site will use an adsl with one dynamic ip-address instead of a sdsl with multiple static adresses that is the current situation. So at the moment our branch routers both has public ip addresses and I have configured a site-to-site vpn (2 headquarter-routers, 2 branch routers = 4 public ip addresses). In future the two branch routers will have private ip addresse (behind the adsl router) and the router has one dynamic public ip address...

So I will try the two options written by Latchum Naidu.

Thank you a lot !!!

Kind regards

Daniel Scharf

0 Helpful

Latchum Naidu
VIP Alumni
VIP Alumni
In response to danielscharf

‎09-09-2011 12:00 AM

Hi Daniel,

The two options what I gave wil definetly will work out as I did the same at one of my site.
And Please remember to rate the helpfull posts.


Please rate the helpful posts.
Regards,
Naidu.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card