Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
2
Replies

VPN between 2 routers dynamic to static but static site behind FW

STEFAN KLUEPPEL
Level 1
Level 1

‎07-25-2002 02:08 PM - edited ‎02-21-2020 11:57 AM

Hello,

a small question about design.

if I use the cisco example VPN between 2 routers, one site with dynamic IP

directly connected to Internet,

the other site with static IP (private address) but behind a firewall which does NAT for this hubrouter.

is this recommended or not

because of different proxy-entries on both sides ?

btw We want to use C1721 on both sides , IOS 12.2.4YA2...

Thanks for proposals.

Regards,

Stefan

Labels:
0 Helpful
2 Replies 2

edadios
Cisco Employee
Cisco Employee

‎07-25-2002 03:07 PM

As long as the hub router would have an ip address on the translation that is it's own, and you use esp tunneling, then it should work.

If the NAT is a PAT, then that is when you would have issues. Make sure the firewall allows for ike (udp 500) and esp (tcp 50), and the source would be any as the ip from the other router is dynamic.

Regards,

0 Helpful

STEFAN KLUEPPEL
Level 1
Level 1
In response to edadios

‎07-26-2002 09:39 AM

ok,

thank you for your answer.

regards,

stefan

0 Helpful
Customers Also Viewed These Support Documents