I have a site-to-site VPN being set up between 2 515s, each running 6.3(5).
We have overlapping encryption domains (the servers we need to access at the remote location are in a network we already have locally defined).
How can I overcome this?
Servers at the remote site are exposed to the internet for public access.
I believe the cookie-cutter solution is to create static translations for all the servers we need to access (to public IPs) and then our match list ACL just references the public IPs (after translations). Some of the servers at the remote site, however, are not internet facing and I would prefer to not have to A) use up public IPs with statics and B) add translations to public IPs unless absolutely needed... (you know... defense in depth, another layer of security, all that jazz... if someone adds a broad ACL by mistake it doesn't immediately expose my internal servers if they don't have public translations in place).
Do I have any options?
I had this grand plan where I was hide-NATing traffic leaving my end and creating a network block static on the other end mapping the servers to a virtual non-routable network. Then I would hit these non-routable IPs that I made up to access the servers. Sadly I didn't look 2 steps ahead and realize this would preclude me from being able to add the public xlates required to expose these servers to the internet.