VPN with one public IP

chrishudson
Level 1

Hi

I have to connect 15 locations at a central point by using site-to-site VPN. Is it possible in Cisco routers to establish VPN connectivity with only one public IP at the central location? I will be grateful if you can suggest an optimized router with memory size for the central location, where 15 VPN tunnels will be terminated.

Chris

7 Replies

sachinraja
Level 9

Hi chris,

Yes, it is possible to establish VPN connectivity with only one public IP at the central location. All the remote peers will have this public IP as the tunnel destination. There are no problems with it.

Depending on the WAN links that you have, you can decide on the router. If you have a single leased line going to the Internet, you can think of putting in a 2600 series router. This can take up to 300 tunnels with the VPN module in it. With the VPN modules, these are the maximum tunnels in each router category:

Up to 100 encrypted tunnels on a 1700, up to 300 tunnels on Cisco 2600, up to 800 for 2650, up to 800 tunnels for the Cisco 2600XMs, 2691, and 3725, up to 800 tunnels on Cisco 3620 and 3640, and up to 2,000 tunnels on Cisco 3660 and 3745.

rate all replies if found useful..

All the best !!

Hi Sachin

What peer address do we have to add at the central location for each remote location?

Chris

Hello chris,

It should be any public IP that is reachable from the remote location to the router: either the serial interface IP or the loopback IP (if both serial/ISDN are present).

Once the IP connectivity is established, you can think of creating the IPsec tunnels.

Hope this helps !!

All the best !!

Hi sachin

So, for example, if I have one public IP, say 217.17.240.1, at the central location and 5 remote locations are working with dynamic IPs: in the remote locations I can configure set peer as 217.17.240.1, and on the central location I have to configure set peer as loopback for all 5 crypto policies?

Chris

Chris,

You should have a static IP on the remote location too (serial/loopback IP), with which the central location will peer. You need to configure only one set peer command for each location.

So, on the central location, you will have 5 peers, one for each remote location. On each remote location you will have one peer to the central loc.

Hope this helps !!

Hi sachin

That means I need one static IP at each remote location, right? Here in my environment I am using dynamic IPs at each remote location, so I cannot assign an IP for my serial interface.

Chris

Have a routable IP on your routers and configure it as a loopback IP. Have the IPsec tunnel destinations set to those loopback IPs. There is no other way out.

All the best..
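
The layout described in sachinraja's replies (one crypto map on the central router's single public interface, with one sequence and one `set peer` per remote site), as an added IOS configuration sketch that is not part of the original thread. Only 217.17.240.1 comes from the thread; remote peer addresses (documentation ranges), LAN subnets, interface and map names, algorithm choices and key strings are assumptions or placeholders.

```cisco
! Constructed example. 217.17.240.1 is the hub address used in the thread;
! peer addresses, subnets, names and keys below are placeholders.
! ----- Central router (hub) -----
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Algorithms above are assumptions: use the strongest set the image supports.
! One pre-shared key per remote peer, not one key shared by all sites
crypto isakmp key REPLACE_SITE1_KEY address 192.0.2.1
crypto isakmp key REPLACE_SITE2_KEY address 198.51.100.1
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! One crypto map, one sequence number (and one "set peer") per remote site
crypto map HUB-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address 110
crypto map HUB-MAP 20 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES
 match address 120
!
! Traffic selectors: central LAN to each remote LAN
access-list 110 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.0.0.255 10.1.2.0 0.0.0.255
!
! The single public IP terminates every tunnel
interface Serial0/0
 ip address 217.17.240.1 255.255.255.252
 crypto map HUB-MAP
!
! ----- Remote site 1 (spoke) -----
! Same ISAKMP policy and transform-set as the hub, then:
crypto isakmp key REPLACE_SITE1_KEY address 217.17.240.1
crypto map SPOKE-MAP 10 ipsec-isakmp
 set peer 217.17.240.1
 set transform-set TS-AES
 match address 110
! Mirror image of the hub's ACL 110; apply SPOKE-MAP to the WAN interface
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.0.0.0 0.0.0.255
```

After a tunnel comes up, `show crypto isakmp sa` and `show crypto ipsec sa` on the hub list one security association per remote peer, all terminating on the same local address.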