IPSEC between private and public range

sushil
Level 1

Hi,

I got a query from my customer, which made me think a bit.

A site-to-site VPN is to be built. The ASA 5510 at this end is doing it perfectly fine, where some other site-to-site tunnel is working.

Now at the remote end, I don't know how, there is some device having firewall/VPN capability. The public IP in the range is used in the internal network.

Would like to know if it is possible:

1. Provide the public IP on the servers themselves. If we consider Cisco at the other end, what would be the configuration?

2. Is it possible to create a VPN tunnel in this case? Seems as if the interesting traffic defined can be done.

Don't know what the customer exactly wants, but he made me think about this requirement.

Reg,

Sushil

Accepted Solutions

Yes, it is possible, shouldn't be issues with that.

Jitendriya Athavale
Cisco Employee

Could you please elaborate more? Not sure if I understand your requirement correctly. Can you please draw a simple topology diagram to illustrate?

Do you want to know if we can define interesting traffic as public to private and vice versa?

I believe the topology is something like this.

Internal network------(NAT/PAT)ASA1------IPSEC Tunnel-------ASA/FW(Remote End)-----------Remote network(Public IP range)

At the remote end, public IPs are used behind the device. Seems NATing is not being done or is exempted. Don't know exactly what has been done at that end, but the remote network is having public IPs terminating on the servers.

Two questions:

1. Is this type of topology possible? If yes, why use IPsec, as the servers are publicly accessible?

2. You understood the second requirement correctly, i.e. interesting traffic from private to public and vice versa via IPsec.

Reg,

Sushil

They want to use IPsec probably because they want to encrypt traffic between your internal network and their servers having public IPs... dunno why they would want that...

Or probably they might have another device behind the remote firewall doing the NATing...

Well, is it possible to achieve this?

Interesting traffic from private to public and vice-versa?

Reg,

Yes, it is possible, shouldn't be issues with that.
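
One way the private-to-public interesting traffic confirmed above could be defined on the ASA1 side, as an added example that is not from the thread or from Cisco documentation. It assumes ASA 8.4 or later syntax with IKEv1 already enabled on the outside interface; all addresses, object names, the crypto map name and the sequence number are constructed placeholders.

```cisco
! Added example (ASA1 side). Constructed values, not from the thread:
!   10.10.10.0/24  = local private LAN behind ASA1
!   203.0.113.0/24 = remote "public" server range (documentation range)
!   198.51.100.2   = outside address of the remote VPN device
object network LOCAL-LAN
 subnet 10.10.10.0 255.255.255.0
object network REMOTE-PUBLIC
 subnet 203.0.113.0 255.255.255.0
!
! Interesting traffic: private source, public destination.
! The remote device needs the mirror image (public source, private destination).
access-list CRYPTO-REMOTE extended permit ip object LOCAL-LAN object REMOTE-PUBLIC
!
! Identity (exempt) NAT: without it, ASA1's internet PAT rule translates the
! source first and the packet no longer matches the crypto ACL, so it would
! leave unencrypted towards the public range.
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-PUBLIC REMOTE-PUBLIC no-proxy-arp route-lookup
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! Assumes OUTSIDE-MAP is the map that already carries the other working tunnel;
! 20 is an unused sequence number in it.
crypto map OUTSIDE-MAP 20 match address CRYPTO-REMOTE
crypto map OUTSIDE-MAP 20 set peer 198.51.100.2
crypto map OUTSIDE-MAP 20 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
!
! Checks after bringing the tunnel up:
!   packet-tracer input inside tcp 10.10.10.5 1025 203.0.113.10 443
!   show crypto ipsec sa peer 198.51.100.2
```

In the `packet-tracer` output the flow should hit the identity NAT rule and then a VPN encrypt phase; if it shows the dynamic PAT rule instead, the exemption is being evaluated too late and traffic to the public range is leaving in the clear.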
