
VPN configuration site to site

Shibu1978
Level 1

Dear All,

1. We plan to create a site-to-site VPN tunnel between another company and our head office. They have the same LAN network range as ours; both locations are using the same network. It is not advisable to change the IP in any location. Is there any way I can configure the site-to-site VPN and establish the connectivity?

2. We also plan to configure the client-to-site VPN (remote access VPN) tunnel authentication through certificates. We have an internal Windows server which is configured as a certificate server. We can download CA certificates from it, but this server has not been NATted to a public IP. Can I use this server for remote access VPN? For remote access VPN, should the certificate server be available on the internet, or can it be in the internal network? Do we need to install the certificate in the PIX?

Please help me to configure the same.

Thanks

2 Replies

Farrukh Haroon
VIP Alumni

1. Yes, you can do this by employing NAT for the overlapping space. Please have a look at:

http://supportwiki.cisco.com/ViewWiki/index.php/PIX/ASA_7.x_and_later:_Site_to_Site_(L2L)_IPsec_VPN_with_Policy_NAT_(Overlapping_Private_Networks)_Configuration_Example

(Copy the whole URL above, as the forum is breaking the link)

2. The certificates can be generated and installed on the endpoints without requiring that you publish your CA server over the internet (NAT). However, if you want to do SCEP enrollment etc. over the internet, you need to open it up. This all depends on your security policy. Have a look at this link for configuration assistance:

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080930f21.shtml

Regards

Farrukh
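
The policy NAT approach from the first reply, sketched as an added example that is not part of the original thread or copied from the linked Cisco document. It uses the pre-8.3 PIX/ASA static policy NAT syntax; all addresses, ACL names and the crypto map name are constructed for illustration (both LANs are really 192.168.1.0/24, site A is presented as 192.168.2.0/24 and site B as 192.168.3.0/24), and the ISAKMP policy is omitted.

```cisco
! ===== Site A firewall (constructed example, pre-8.3 NAT syntax) =====
! Policy NAT: translate the local LAN 1:1 to 192.168.2.0/24, but only
! for traffic destined to site B's translated range (192.168.3.0/24).
access-list policy-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
static (inside,outside) 192.168.2.0 access-list policy-nat

! The crypto ACL must match the translated (post-NAT) source, because
! NAT is applied before the packet is evaluated for encryption.
access-list l2l-to-b extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0

crypto ipsec transform-set l2l-set esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address l2l-to-b
crypto map outside_map 20 set peer 203.0.113.2
crypto map outside_map 20 set transform-set l2l-set
crypto map outside_map interface outside

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <SHARED-SECRET-PLACEHOLDER>

! ===== Site B firewall (mirror image) =====
! Site B's LAN is also 192.168.1.0/24; it is presented to site A as
! 192.168.3.0/24 and reaches site A at 192.168.2.0/24.
access-list policy-nat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (inside,outside) 192.168.3.0 access-list policy-nat

access-list l2l-to-a extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

crypto ipsec transform-set l2l-set esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address l2l-to-a
crypto map outside_map 20 set peer 198.51.100.1
crypto map outside_map 20 set transform-set l2l-set
crypto map outside_map interface outside

tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <SHARED-SECRET-PLACEHOLDER>
```

With this plan a host at site A reaches site B's 192.168.1.10 by addressing 192.168.3.10, and neither LAN is renumbered. Keeping the crypto ACLs limited to the two translated /24s means only that traffic is accepted into the tunnel.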