cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3750
Views
0
Helpful
30
Replies

Route particular public IP's via site to site vpn.

ribin.jones
Level 1
Level 1

Hi,

We have got two offices in location A and B and we have site to site vpn between the offices. We have a situation in which a software will get updated if we go only from location B's public IP. I need the same software to be updated from location A also. Is it possible for me to route a particular IP (place where the sofware update is available) thorugh location B from location A via the site to site vpn?

Any help is very much appreciated

Thanks in advance,

- Ribin

30 Replies 30

ribin.jones
Level 1
Level 1

No replies?

- Ribin

Is there any solution for this? I am not sure whether this could be done even...Please help me on this...

- Ribin

Routing the Public IP thorugh the VPN tunnel will not work because it is not in your vpn encryption domain.

You will have to policy based NAT at site B and site A.

And then add the public IP in the encrption domain at sites A and B.

But this will compliacte your setup and would require lot of changes at both ends.

An alternative easier option would be to use a proxy server (like squid) at site A, so that users at site B can use the proxy to get the software updates.

Thanks a ton for the response.

Yes, I am aware of the Proxy server method. But I need to do this proxy independent. Can you explain the first step?

- Ribin

Dear Ribin,

Can you explain what do you mean by updating a software from location B public IP ? I mean where is this software ? at location A or B ? a diagrm will certainly help here :-)

Jennifer Halim
Cisco Employee
Cisco Employee

Please advise what device is your VPN termination point.

Hi,

VPN is done in Cisco 2811 router in location A and in Cisco 871/Cisco 2801 (done in both routers- any one of the two will do the job for me) in location B.

By updating a software from location B public IP means, I need to access a website from location A using location B's public IP. (Route traffic to that website from location A to location B via VPN and I should get hit to that website taking location B's public IP.)

- Ribin

Dear Ribin, now it clears, sorry if its bothering but now can you repeat as to what you actually want now :-) ?

Currently you have a software that gets updated from a website only when accessed from location B IP ? is that correct ?

The picture i am having is, you have internet on location A and B. You have a dedication link between both these locations.

Correct me if i am wrong anywhere

My mistake, there dont seems to be internet connection on location A. :-)

It actually depends on routing. you need to do (and verify) the following

1) The software IP can reach website either though static or default route. Make sure router on location A as appropriate route to reach this website(either static or default route)

2) You must be doing Natting, so add the ip of this software in natting statement (probably access-list) so that it can now reach internet.

3) Make sure you have a return route from location B to location A for this software IP.

If the above parts are in place then its quite easy :-)

I have Internet connection in location A and location B. I have done site to site vpn to connect these offices.

- Ribin

If it's a router, then it's easy.

Just add crypto ACL as follows:

On location A:

- permit ip host

On location B:

- permit ip host

Hope that helps.

Hi,

No luck. I am getting hits to the crypto acl in location A. But I am not able to pull the site.

Just to clarify, what you mean by "public-ip-of-server-B"in your explanation? ... I guess it is the public IP of the site which I need to get via location B public IP.

- Ribin

Hi,

Infact when I ping to the website from location A, I get hits in Location A and Location B crypto ACL's.

Below is my crypto ACL's in locations A and B.

In Location A,

permit ip 192.168.11.0 0.0.0.255 host

In Location B,

permit ip host 192.168.11.0 0.0.0.255

- Ribin

Any solution to my problem?

- Ribin

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: