Community home

powellt1 · ‎10-09-2015

Please see the attached diagram

I'm trying to establish a site to site vpn from a remote site using a 4G Sim enabled Cisco Router to a head office which has a standard Fixed public IP address.

The 4G router recieves a PRIVATE dynamic IP on the WAN/Cellular interface when powered up, which in turn NATs to a PUBLIC IP for internet access (checked from what is my ip site via a pc on the lan and a 85.x.x.x is given as the public address)

The Head office houses an ASA with a Static Public address and already has several s2s VPN connections to other parties.

VPN configuration has been applied to both the ASA and 4G Router, however the tunnel (neither phase1 or 20 is established.

obviously using the Dynamic s2s ipsec VPN option on the ASA as the 4G router recieves a dynamic address

I have been told that setting up a vpn from a 4G router will not work as the WAN inteface receives a private IP,

Is the attached setup supported, if not is there a nother way to establis VPN connections through vodafone's 4G network

Thanks

Retired-Wayne · ‎10-09-2015

@powellt1

This isn’t something that we can support I’m afraid.

I actually have a little bit of Cisco specific knowledge. However, my studies haven’t included IPSec or GRE tunnels just yet.

I think the problem is that the address on your router, on the interface that would be considered the outside NAT interface, is obviously a private IP, with secondary NAT taking place on our network.

My understanding of how VPN’s work within a private network, is that they need to be set up at the point of where NAT takes place, to give you the S2S tunnel, which is going to be impossible given that the true NAT takes place on our side.

Please correct me if I’m wrong, I’d be interested to know. However, as I mentioned above, this isn’t something that Vodafone can support.

Community home

Site to Site VPN using a 4G router