How to S2S VPN with local ip address ?

Ilhams · ‎11-07-2021

Hello Experts,

So i have asked by my customer that is it possible to form s2s vpn using local ip interface?
What i mean is that usually, i configure and form s2s vpn using fw/router that directly faced to the internet, for example from the picture below i usually config crypto map on "Router 0" on its internet-facing interface that using ip public, which is interface gi0/0/0 (ip public : 103.45.43.2).

Is it possible to form s2s vpn from internal router and internal ip and internal interface which is "Router 2" with its gi0/0/0 interface and its ip private is 192.168.1.10? So i want to form s2s vpn between {Router 2, Gi0/0/0, 192.168.1.10} to {Router 3, Gi0/0/0, Ip public 201.23.4.3}. Is it possible? Btw the Router 2 private ip address is natted to ip public 103.45.43.10 on router 0.

The s2s vpn is not between cisco router, i disguise the pictures below because of customer;s credentials. But there is cisco devices between them.

Rob Ingram · ‎11-07-2021

@Ilhams Yes. You just need to configure Router3 to set the peer as the NAT IP address (103.45.43.10) of Router 2.

On Router 2 setup the peer using the Public IP address (201.23.4.3) of Router 3.

balaji.bandi · ‎11-07-2021

yes possible as long as they are NAT and visible to external.

Make sure the below ports are allowed.

UDP 500
UDP 4500
ESP

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help