We have a Cisco ASA 5505 (OS version 8.2.1) in use at our Production Site, and it is working fine without any problem. One of the Services Servers is configured with the private IP 192.168.18.104 and is NATted to the public IP address 220.127.116.11 on the ASA firewall. A few ports are opened for incoming traffic on the outside interface for the Services Server, and this seems to be working fine.
Now we need to establish an IPsec VPN tunnel with a vendor for the Services Server. Phase-1 negotiation has completed, but a new configuration is required in which we need to allow the interesting traffic based on the public IP rather than the private IP, which is what we basically do when creating VPN tunnels between two sites. The tunnel is created between the two sites and it is active. Our outside peer IP address is 18.104.22.168 and the vendor's IP address is 22.214.171.124, and they are using a NetScreen firewall. Basically, to allow the traffic we use the private subnet/IP address and send the traffic over the tunnel, like 192.168.18.104 (Private IP)------126.96.36.199 (Outside Interface IP of ASA)-----------encrypted Tunnel---------188.8.131.52 (NetScreen Peer IP). Now the problem is that the vendor is using the public IP (184.108.40.206) in their configuration for our Services Server instead of 192.168.18.104. But according to me, we can allow the local subnet/IP in the interesting traffic over the tunnel.
Can anyone help me with whether we can allow the public IP in our configuration, as they are using a public IP address for their Services Server (220.127.116.11)? I don't know what configuration needs to be done so that both servers can communicate with each other. The scenario we want is: 18.104.22.168 (Services Server Public IP)------22.214.171.124----------------------encrypted----------------------126.96.36.199------------------188.8.131.52 (Vendor Services Server).