Problem in Site-to-site VPN ?

vinayak
Level 1

Hello All,

I have a head office and a branch office. Our servers are at the head office, with IP addresses in the series 192.168.1.0.

I want to establish a site-to-site VPN between these 2 offices. I also want to reach some specific ports of the head office servers, such as:

for example :

I want to reach

     IP                                    Port

192.168.1.9                          171

192.168.1.3                          989

192.168.1.3                          989

192.168.1.23                         85

How do I do that? Can anyone help me?

Thanks...   

5 Replies

Hi vinayak,

We can have a site-to-site VPN, but to proceed any further please brief us more about your networks and devices and the natting that you will be having.

Here are the general guidelines:

Whichever traffic needs to be encrypted should be identified in the crypto ACL and should be exempted from natting.

If you can provide us details about your devices, I can send you the appropriate config guides.

Hello,

Thanks for the reply.

I have a router connected directly to the ISP and a firewall connected to the router. I want to configure the VPN on the ASA firewall. The LAN traffic is natted to a public IP.

For example :

Router Outside having IP (1.1.1.1/29)

Router Inside having IP (10.0.0.1/29)

Firewall Outside (Connected to router having 10.0.0.2/29)

Firewall inside (Connected to LAN having 172.10.1.1/24)

I NAT to public IP 1.1.1.2, i.e. I mapped 10.0.0.2 (private address) onto public IP 1.1.1.2.

Can I use the 1.1.1.2 IP as the peer IP for the site-to-site VPN?

I want to reach specific ports of the servers as given in my question, so how do I do that?

If you require anything else, just reply to me.

Thanks.

Hi,

You can use the ASA firewall's public IP on the router (1.1.1.2) as the VPN peer on the HQ side.

On the ASA, configure the crypto ACL with the local private LAN as your source and the HQ servers (192.168.1.*) as the destination.

Add a route on the ASA firewall for 192.168.1.0 towards Outside (router internal interface IP).

In the router ACL you will have to allow the ports UDP 500, ESP and UDP 1000.

Hope this helps.

Hello Dhananjoy,

Can you please tell me how to allow ports on the router?
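
Added example, not part of the thread and not any poster's configuration: the crypto ACL, route and router ACL entries described in the reply above, written out for the addresses given in the thread. The ACL names and the HQ peer address 203.0.113.10 are constructed placeholders, the ASA interface name `outside` is assumed, and the router entries permit UDP 500, ESP and UDP 4500, the IANA-assigned IPsec NAT-T port that comes into play when the ASA sits behind the router's static NAT.

```cisco
! ===== Branch ASA (behind the router) =====
! Crypto ACL: branch LAN as source, HQ server subnet as destination.
! BRANCH-TO-HQ is a hypothetical name. The HQ device needs the
! mirror-image ACL (source and destination swapped).
access-list BRANCH-TO-HQ extended permit ip 172.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
!
! Route for the HQ subnet via the router's inside interface (10.0.0.1).
route outside 192.168.1.0 255.255.255.0 10.0.0.1
!
! ===== Edge router (IOS) =====
! Static NAT already described in the thread: 10.0.0.2 <-> 1.1.1.2.
ip nat inside source static 10.0.0.2 1.1.1.2
!
! Entries for the ACL applied inbound on the ISP-facing interface.
! OUTSIDE-IN is a hypothetical name; add these lines to the ACL that
! is already applied there rather than replacing it, because an
! extended ACL ends with an implicit deny.
! Inbound ACLs are checked before NAT, so the destination is the
! public address 1.1.1.2, not 10.0.0.2.
! 203.0.113.10 is a constructed placeholder for the HQ peer address.
! Limiting the source to the known peer keeps IKE and ESP closed to
! the rest of the Internet.
ip access-list extended OUTSIDE-IN
 ! IKE (UDP 500)
 permit udp host 203.0.113.10 host 1.1.1.2 eq isakmp
 ! IPsec NAT-T (UDP 4500)
 permit udp host 203.0.113.10 host 1.1.1.2 eq non500-isakmp
 ! ESP (IP protocol 50)
 permit esp host 203.0.113.10 host 1.1.1.2
```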
