Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
0
Helpful
1
Replies

LAN-to-LAN IPSec VPN - spoke with a private IP

Sergey Balyura
Level 1
Level 1

‎05-15-2014 03:57 AM - edited ‎02-21-2020 07:38 PM

Hello, everybody!

 

I have the working hub-and-spokes VPN system over IPSec on IOS routers.

every spoke and a hub have public IP addresses to interact.

but now I have to add another spoke which has just a private IP. it is situated over the ISP NAT.

Can you give the direction where to dig?

 

on my hub I have the next set of statements for a spoke with a public IP:

 

crypto isakmp policy 1
 encr 3des
 authentication pre-share

 

crypto isakmp key PASSWORD address AA.BB.CCC.DD

 

crypto map REGION_CRYPTO_MAP 100 ipsec-isakmp
 description Tunnel to SKLAD
 set peer AA.BB.CCC.DD
 set transform-set REGION
 match address 2000
 reverse-route

 

please, help me :)

Labels:
0 Helpful
1 Reply 1

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎05-17-2014 07:30 PM

Hi,

You can follow the given document to configure static to dynamic end VPN tunnel on routers.
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/14131-ios-804.html

Hope this helps.
 

Regards,

Dinesh Moudgil
 

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful
Customers Also Viewed These Support Documents