Hi All,
Is it possible to use a vti tunnel interface on a router when the outside interface has a private IP address connected to a DSL modem with a static public IP address, in other words the router sits behind the DSL modem?
Router gi0/1 --> DSL Modem --> Internet --> to HQ (Firewall with static IP)
Outside 192.168.1.2 WAN static public IP
LAN 192.168.1.1
Interface config:
interface GigabitEthernet0/1
ip vrf forwarding Internet-VRF
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
end
Tunnel config:
crypto isakmp policy 282
encr aes 256
authentication pre-share
group 2
lifetime 28800
hash sha
crypto isakmp key 0 PSK address xxx.xxx.xxx.xxx
!
crypto ipsec transform-set aes256-sha esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto ipsec profile VPN
set transform-set aes256-sha
set pfs group2
interface Tunnel1
ip vrf forwarding Internet-VRF
ip address 172.27.82.254 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
tunnel source Gi0/1
tunnel mode ipsec ipv4
tunnel destination xxx.xxx.xxx.xxx
tunnel protection ipsec profile VPN
I have been digging into Cisco documentation but have no answer found.
Thanks in advance.