I may have a stupid question, but could you run, in parallel,
In other words, the client already has IPsec site-to-site tunnels but would need to terminate client VPNs, preferably L2TP/IPsec, on a Windows server behind the router.
The challenge is: the existing IPsec tunnels use UDP 500.
L2TP passthrough would need to port forward (destination NAT) the same UDP 500.
The only way I can see this happening is maybe to use some sort of access list and deny port forwarding of UDP 500 for the static public IP addresses of the already existing IPsec VPN tunnels...
Anyone had experience doing this?
Any configuration examples to recommend?
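The access-list idea from the question, written out as a Cisco IOS configuration. This is an added example, not configuration from the thread or from Cisco; every address is a constructed placeholder from the RFC 5737 documentation ranges, and the interface, ACL and route-map names are assumed. It applies the port forward for UDP 500 and UDP 4500 (NAT-T) to the Windows server only for sources that are not the existing site-to-site peers, so IKE from those peers still terminates on the router itself.

```cisco
! Added example (not from the original post): selective static NAT on a Cisco IOS
! router. IKE/NAT-T from the existing site-to-site peers keeps terminating on the
! router; the same UDP ports from any other source go to the L2TP/IPsec server.
!
! Constructed placeholder addresses (RFC 5737):
!   203.0.113.2     router WAN address on GigabitEthernet0/0 (IKE address of the S2S tunnels)
!   198.51.100.10   peer A, existing site-to-site tunnel
!   198.51.100.20   peer B, existing site-to-site tunnel
!   192.168.10.5    Windows server on the inside, terminating L2TP/IPsec
!
! ACL written in the inside-to-outside direction, as IOS NAT route-maps expect.
! Assumption: for outside-initiated packets hitting the static entry, IOS checks
! the route-map ACL with source and destination reversed, so the deny lines stop
! the peers' IKE traffic from being translated. Verify this on the running release
! with "show ip nat translations verbose" and "debug ip nat detailed" before relying on it.
ip access-list extended L2TP_FORWARD_NOT_PEERS
 deny   udp host 192.168.10.5 eq 500  host 198.51.100.10
 deny   udp host 192.168.10.5 eq 4500 host 198.51.100.10
 deny   udp host 192.168.10.5 eq 500  host 198.51.100.20
 deny   udp host 192.168.10.5 eq 4500 host 198.51.100.20
 permit udp host 192.168.10.5 eq 500  any
 permit udp host 192.168.10.5 eq 4500 any
!
route-map L2TP_FWD permit 10
 match ip address L2TP_FORWARD_NOT_PEERS
!
! Static port forwards to the server, gated by the route-map.
! Both UDP 500 and UDP 4500 are needed: a server behind NAT is reached over NAT-T.
ip nat inside source static udp 192.168.10.5 500  203.0.113.2 500  route-map L2TP_FWD extendable
ip nat inside source static udp 192.168.10.5 4500 203.0.113.2 4500 route-map L2TP_FWD extendable
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
```

Two practical notes. Every new site-to-site peer has to be added to the deny lines, otherwise its IKE packets are silently forwarded to the Windows server and the tunnel never comes up; keep the peer list in one place and check it with `show ip access-lists L2TP_FORWARD_NOT_PEERS`. And because the server sits behind NAT, Windows only accepts L2TP/IPsec clients with the `AssumeUDPEncapsulationContextOnSendRule` DWORD (value 2) set under `HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent`; without it, clients that are themselves behind NAT fail at the IPsec stage.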
Thanks for getting back.
We considered getting another public IP, assigning it to a loopback interface, doing proxy ARP, and avoiding the existing tunnels and L2TP passthrough clashing on UDP port 500.
I'm now reading articles about public IPs on loopback...
You could also get a /30 and have it routed to your 2921. Then plug the server directly into a spare interface on your 2921, and give the server a public IP directly.
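The routed /30 layout from this reply, as an added Cisco IOS example that is not from the thread or from Cisco. Addresses are constructed placeholders (RFC 5737), and the interface and ACL names are assumed. Because the server gets its own public address, its UDP 500/4500 never collide with the router's IKE on the WAN address, so no NAT trickery is needed; the example also shows a stateless ACL that limits what the Internet can reach on the server to the L2TP/IPsec ports.

```cisco
! Added example (not from the thread): L2TP/IPsec server on a routed /30 off a
! spare router port, so it has a public address distinct from the router's WAN IP.
!
! Constructed placeholder addresses (RFC 5737):
!   203.0.113.2/30    router WAN on GigabitEthernet0/0; existing S2S tunnels stay here
!   198.51.100.0/30   extra block the ISP routes to 203.0.113.2
!   198.51.100.1      router side of the /30, GigabitEthernet0/2 (spare port)
!   198.51.100.2      Windows L2TP/IPsec server, cabled into Gi0/2
!
interface GigabitEthernet0/0
 description WAN - site-to-site IPsec peers terminate on this address
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description Public /30 for the L2TP/IPsec server - NOT an "ip nat inside" interface
 ip address 198.51.100.1 255.255.255.252
 ip access-group TO_L2TP_SERVER out
 no shutdown
!
! Applied outbound toward the server, so it restricts only what reaches the server
! and never touches the router's own IKE for the site-to-site tunnels.
! Stateless: replies to sessions the server opens are allowed explicitly below.
ip access-list extended TO_L2TP_SERVER
 remark IKE, NAT-T and ESP for L2TP/IPsec clients (L2TP UDP 1701 rides inside ESP)
 permit udp any host 198.51.100.2 eq 500
 permit udp any host 198.51.100.2 eq 4500
 permit esp any host 198.51.100.2
 remark return traffic for sessions the server itself opens (updates, DNS, NTP)
 permit tcp any host 198.51.100.2 established
 permit udp any eq 53 host 198.51.100.2
 permit udp any eq 123 host 198.51.100.2
 permit icmp any host 198.51.100.2 echo-reply
 permit icmp any host 198.51.100.2 unreachable
 remark everything else, including plain UDP 1701 without IPsec, is dropped and logged
 deny   ip any any log
```

The ISP side only needs a static route for 198.51.100.0/30 pointing at 203.0.113.2; the router already has the /30 as a connected route, so nothing else is required for reachability. The `established` and `eq 53`/`eq 123` lines are the usual stateless compromise; a stateful version would use zone-based firewall on Gi0/2 instead of a plain ACL. Confirm the clash is gone with `show crypto isakmp sa` for the existing peers and `show access-lists TO_L2TP_SERVER` to see client IKE hits on the server's address.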