Re: VPN connection to a Cisco ISR behind a NATed cellular connection?

nadeesh.sam · ‎05-25-2022

Hi legends,

I'm trying to figure out a way to connect a Cisco router that has a cellular connection through a VPN. The router is on a moving vehicle and the cellular connection is behind a NAT and does not have a public IP. The basic requirement is to be able to get a remote PC connected to the same LAN that the router is in for management.

We have a fixed public IP on premise and currently don't have any other cisco infrastructure. I'm pretty new to all this stuff so what would be the best way to connect to the router to establish a VPN tunnel?

Thanks in advance!

Rob Ingram · ‎05-26-2022

@nadeesh.sam use FlexVPN, with a Dynamic VTI on the Hub and a static VTI on the spoke (cellular) router. The hub router will dynamically establish a VPN to the spoke router and does not need to know the source public IP address. As long as the cellular router can route to the hub, the tunnel will be established.

https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116413-configure-flexvpn-00.html

https://www.cisco.com/c/en/us/support/security/flexvpn/products-configuration-examples-list.html

https://integratingit.wordpress.com/category/cisco/flexvpn/

nadeesh.sam · ‎05-26-2022

Hi @Rob Ingram

Thanks for the reply! FlexVPN sounds like what I need but I'm not sure if I need another Cisco router on-prem to get this working. We were kinda hoping to avoid that.

Is there any other alternative? We tried Azure cloud VPN gateways but it still needs a public IP on the remote router.

Thanks again!

MHM Cisco World · ‎05-28-2022

dynamic Crypto map, in static public IP, this make this peer accept any VPN peer what ever it IP.
note:-using pre shared key ip with 0.0.0.0