It is possible to setup CISCO1921/K9 router for site to Site vpn behind a firewall?

Question

I am looking to buy CISCO1921/K9 to set up site to site vpn with Amazon VPN. We are currently behind a firewall. I am looking to setup the new CISCO1921/K9 router as per the quick text diagram below. Will my setup work? and what ports will I need to forward on my firewall?

INTERNET -->  ISP Modem ----> Firewall ---- CISCO1921/K9

You seem to be assuming it is just a matter of forwarding ports. But VPN protocols use different underlying transport protocols only some of which have port numbers. A few details have been omitted from the description of your network. Is the modem configured to bridge, route, or NAT? Is the firewall configured to bridge, route, or NAT? And if your network happens to be running both IPv4 and IPv6 the answers to those questions might be different for the two protocols. — kasperd, Apr 09 '16 at 13:46

score 1 · Accepted Answer · edited Apr 13 '17 at 12:57

1

You need to forward following ports

500 for Phase 1

4500 for NAT-Traversal

look at this article below for more information regarding configuration

https://networkengineering.stackexchange.com/questions/25074/cisco-ipsec-tunnel-with-nat-to-aws-customer-gateway

edited Apr 13 '17 at 12:57

Community

1

answered Apr 09 '16 at 09:54

stambata

1,668
3
14
18

It is possible to setup CISCO1921/K9 router for site to Site vpn behind a firewall?

1 Answers1