Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
231
Views
0
Helpful
0
Replies

VPN from behind WAN router

Jonnyballgame34
Level 1
Level 1

‎05-16-2017 01:22 PM - edited ‎03-08-2019 10:36 AM

HI, 

Wondering how I set up a couple of VPN tunnels, or if what I want to do is even possible. 

Here's the situation.  I deploy a lot of vpn circuits, all standard, they connect directly to the WAN circuit with a public IP, (will post config below). 

I wanted to do some testing at home, where I wind up on DHCP behind my providers router.  I don't think I can swap out my router for theirs, if nothing else they have a rj11 connector instead of 45.   

 I want to test the DMVPN tunnels at home, I use the config but I think because I am behind my providers router it is causing me problems, (I figure it's not dhcp in general because the tunnels only specify interface name, not how they get their IP's)> 

So my question(s) would be, 1) is it because the provider's router is in between and I'm getting a dhcp address from it, and 2), is there a workaround, (I suppose I could try converting RJ11 to 45 and spoofing the providers router, but I'm hoping there is something better. 

I get up/down when I try to turn the tunnel up...thanks

Any thoughts would be appreciated. Thanks

crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 periodic
crypto isakmp profile DMVPN-IKE
keyring DMVPN-KEYRING
match identity address 0.0.0.0
!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSEC-DMVPN
set transform-set ESP-AES-SHA
set isakmp-profile DMVPN-IKE
!

!
!
interface Loopback0
description *** MGMT ***
ip address 10.87.254.204 255.255.255.255

interface Tunnel100
description ** W. Hartford **
bandwidth 20000
ip address 192.168.105.47 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication xxxxxx
ip nhrp group USCNSRTVP001
ip nhrp map 192.168.105.254 205.142.167.245
ip nhrp map multicast 205.142.167.245
ip nhrp network-id 100
ip nhrp holdtime 600
ip nhrp nhs 192.168.105.254
ip nhrp shortcut
zone-member security INSIDE
ip summary-address eigrp 1 10.87.32.0 255.255.248.0
ip tcp adjust-mss 1360
load-interval 30
delay 100
if-state nhrp
qos pre-classify
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile IPSEC-DMVPN shared

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents