IPsec tunnel to 2 remote sites using 2 different public IPs

Michael Lang
Level 1

Hi,

I'd like to set up a site-to-site VPN tunnel to 2 remote sites (A and B) to manage hosts in these networks.

We have multiple public IPs from our ISP, so we want to use one IP (a.a.a.a) for the tunnel to site A and the IP b.b.b.b for the tunnel to site B.

Our modem is operated in bridged mode and is connected to our router on the GigabitEthernet8 interface. This interface gets the public IP a.a.a.a assigned via DHCP.
I (kind of) managed to set up a tunnel to site A, but the router does not even receive packets from site B (maybe because router B receives packets with source IP a.a.a.a but only accepts the peer b.b.b.b?).

Our router is the Cisco C898EA with IOS version 15.4(3)M1.

If you need additional information, please feel free to ask, sorry if something crucial is missing.

Thanks in advance!

Accepted Solutions

Vishnu Sharma
Level 1

Hi Michael,

I see that you want Router 1 to connect to Site A & Site B with IP A.A.A.A for site A and with IP B.B.B.B for site B. First of all, I would like to understand why you want both tunnels to end on two different IP addresses even though they are configured on the same device. The rule here is that you can have one crypto map per interface. This setup is not going to work if you want both tunnels to end on the same device (same interface) with different IP addresses. You can configure another IP address on another interface and land the second tunnel on that interface. Please remember that you will have to do manual routing for that as well, so that traffic coming in on the secondary interface is answered through the same interface instead of the default interface. Also, you will have to specify routes for the subnets at site B so that the router is aware that it needs to route traffic through interface B to reach the subnets at site B.

Let me know if this helps.

Thanks,

Vishnu

(Please rate helpful posts)

Hi!
Thank you for sharing your useful knowledge, we managed to use only one WAN IP for both tunnels and it works now.

Thanks,
Michael List

Hi Michael Lang,

How did you manage to use only one WAN IP for both tunnels?

How?
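
Added example, not posted by anyone in this thread: a single crypto map can hold one sequence entry per peer, which is one common way to run both tunnels from one WAN IP while keeping to the one-crypto-map-per-interface rule from the accepted answer. Only GigabitEthernet8 comes from the thread; peer addresses, subnets, key placeholders, object names and algorithm choices are assumptions.

```cisco
! Constructed example. Peers use RFC 5737 documentation addresses,
! LAN subnets are made up, and <PSK-...> are placeholders.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! One pre-shared key per remote peer
crypto isakmp key <PSK-SITE-A> address 198.51.100.10
crypto isakmp key <PSK-SITE-B> address 203.0.113.20
!
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: local LAN (assumed 10.0.0.0/24) to each remote LAN
ip access-list extended VPN-SITE-A
 permit ip 10.0.0.0 0.0.0.255 10.10.0.0 0.0.0.255
ip access-list extended VPN-SITE-B
 permit ip 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255
!
! One crypto map, two sequence entries: 10 for site A, 20 for site B
crypto map WAN-MAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-SITE-A
crypto map WAN-MAP 20 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-AES256-SHA256
 set pfs group14
 match address VPN-SITE-B
!
! The single map is applied once to the WAN interface
interface GigabitEthernet8
 ip address dhcp
 crypto map WAN-MAP
```

With this layout both remote routers must list a.a.a.a as their peer, and if NAT overload runs on GigabitEthernet8 the VPN-SITE-A and VPN-SITE-B traffic has to be excluded from it.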
