12-12-2009 05:46 PM
VPN server is behind the cisco adsl 857w router/modem.
From a remote site, we want to establish an IPsec VPN tunnel and a PPTP remote VPN access.
#1. How to configure the 857w to bridge mode or modem only?
#2. If 857w ramains as adsl router/NAT, how to configure this router such that IPSec VPN tunnel can be established and PPTP remote VPN access would work?
Many many thanks.
12-14-2009 12:24 AM
I would not recommend putting your VPN (server) behind NAT. It is doable though.
You will need to open ports for IKE(isakmp) and IPsec (udp/500, udp/4500 for nat-t and protocols 50 and 51 for esp and ah respectively.)
I guess it's possible to do this by the use of a static nat. You will just have to try. What kind of box is your vpn server? ASA? VPN3k?
12-14-2009 05:21 AM
Thanks Kent.
Yeah that is why I ask #1 above if I can configure the 857w to bridge mode or modem mode only so that the VPN box will handle the public ip address.
It is a DFL-860 VPN/Firewall.
I am a bit confused though because I can only do a static NAT (port forward) on the following ports:
udp 500
udp 4500
esp ip 50
but ip 51 is not available.
when i tried to check the prots/ports available using ACL (using the ? key), they showed there including GRE ip 47 and other IKE related traffic/ports.
I guess if somebody can help me configure the 857w to a dumb modem, it would be easy for me to configure IPSec site to site VPN and PPTP remote VPN access.
Many many thanks.
12-14-2009 05:35 AM
You are confusing the static with PAT. You're not going to be doing any port address translation, but a static nat translation.
By this I mean that you should dedicated an external IP to use in your static nat for the VPN server. Instead of PAT'ing it.
Refer to this guide http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml :-)
If you desperately want to put your 857 in bridge mode then what you need to read up on is the "bridge-group" functionality. I'm sure you can find this on CCO somewhere!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide