09-13-2010 01:14 AM - edited 03-11-2019 11:39 AM
Hello All,
I have a head office and a branch office. Our servers are at the head office, with IP addresses in the series 192.168.1.0.
I want to establish a site-to-site VPN between these 2 offices. Also, I want to reach some specific ports of the head office servers, such as:
for example :
I want to reach
IP Port
192.168.1.9 171
192.168.1.3 989
192.168.1.3 989
192.168.1.23 85
How do I do that? Can anyone help me?
Thanks...
09-13-2010 02:55 AM
Hi Vinayak,
We can have a site-to-site VPN, but to proceed any further, please brief us more about your networks and devices and the NATting that you will be having.
Here are the general guidelines:
Whichever traffic needs to be encrypted should be identified in the crypto ACL and should be exempted from NATting.
If you can provide us details about your devices, I can send you appropriate config guides.
09-13-2010 03:19 AM
Hello,
Thanks for the reply.
I have a router connected directly to the ISP and a firewall connected to the router. I want to configure the VPN on the ASA firewall. The LAN traffic is NATted to a public IP.
For example :
Router Outside having IP (1.1.1.1/29)
Router Inside having IP (10.0.0.1/29)
Firewall Outside (Connected to router having 10.0.0.2/29)
Firewall inside (Connected to LAN having 172.10.1.1/24)
I do NAT of public IP 1.1.1.2, i.e. I mapped 10.0.0.2 (private address) on public IP 1.1.1.2.
Can I use the 1.1.1.2 IP as the peer IP for the site-to-site VPN?
I want to reach specific ports of the servers as given in my question, so how do I do that?
If you require anything, just reply to me.
Thanks.
09-13-2010 04:16 AM
Hi,
You can use the ASA fw Public IP on the router (1.1.1.2) as the VPN peer on the HQ side.
On the ASA, configure the crypto ACL with the local private LAN as your source and destination as the HQ servers (192.168.1.*).
Add a route on the ASA fw for 192.168.1.0 towards Outside (Router internal interface IP).
In the Router ACL you will have to allow the ports UDP 500, ESP and UDP 1000.
Hope this helps.
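The steps in this answer (crypto ACL, NAT exemption, route, router ACL) written out as configuration, as an added example that is not from any poster in this thread. Assumptions: the ASA runs 8.2-style syntax (NAT and IKE commands changed in later releases), the listed server ports are TCP, and 203.0.113.10, the ACL and map names, the pre-shared key and the router ACL name OUTSIDE-IN are placeholders.

```cisco
! ===== ASA (inside 172.10.1.0/24, outside 10.0.0.2); 8.2-style syntax assumed =====
! Crypto ACL: local LAN -> HQ server subnet (defines what gets encrypted)
access-list VPN-TO-HQ extended permit ip 172.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
! Exempt the same traffic from NAT so it matches the crypto ACL unchanged
access-list NONAT extended permit ip 172.10.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
! Route the HQ subnet towards the router's inside interface
route outside 192.168.1.0 255.255.255.0 10.0.0.1
! Allow only the server ports from the question (TCP is an assumption)
access-list INSIDE-IN extended permit tcp 172.10.1.0 255.255.255.0 host 192.168.1.9 eq 171
access-list INSIDE-IN extended permit tcp 172.10.1.0 255.255.255.0 host 192.168.1.3 eq 989
access-list INSIDE-IN extended permit tcp 172.10.1.0 255.255.255.0 host 192.168.1.23 eq 85
! Drop everything else headed for HQ, keep other LAN traffic working
access-list INSIDE-IN extended deny ip any 192.168.1.0 255.255.255.0
access-list INSIDE-IN extended permit ip any any
access-group INSIDE-IN in interface inside
! IKE phase 1 and IPsec phase 2 (203.0.113.10 = placeholder HQ peer)
crypto isakmp enable outside
crypto isakmp nat-traversal 20
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set HQ-SET esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set transform-set HQ-SET
crypto map OUTSIDE-MAP interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key REPLACE-WITH-SHARED-SECRET
!
! ===== Router (outside 1.1.1.1/29): entries for the existing inbound ACL =====
! OUTSIDE-IN is a placeholder name; entries must sit above any matching deny.
! Inbound ACLs are checked before NAT, so the destination is the public 1.1.1.2.
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.10 host 1.1.1.2 eq isakmp
 permit esp host 203.0.113.10 host 1.1.1.2
 ! IPsec NAT-T runs on UDP 4500 (IOS keyword non500-isakmp)
 permit udp host 203.0.113.10 host 1.1.1.2 eq non500-isakmp
 ! UDP 1000 as listed in the answer above
 permit udp host 203.0.113.10 host 1.1.1.2 eq 1000
```

The HQ device needs the mirror image of the crypto ACL (192.168.1.0/24 as source, 172.10.1.0/24 as destination) and matching IKE/IPsec parameters.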
09-13-2010 04:20 AM
Hello Dhananjoy,
Can you please tell me how to allow ports on the router?