Hello Guys, We have established a VPN connection between my office/ATL and a remote office in India. We are exchanging packets between both private networks. India has a DMZ server with a public IP address that could not communicate with my private network. India advised me that they could not NAT that server to share the same private IP address range with the rest of the servers because other companies are connected to that DMZ server via its public IP address. What advice or solutions are there, or how can I advise India, to have my private IP addresses communicate with their DMZ server? The VPN connection is already established. My users need to access Remedy services on the India DMZ server. Thanks in advance!!
Basically on the access list you use for identifying the interested traffic to be encrypted you would need to PERMIT your private network as source and the public IP address of the DMZ server as destination. In India they need to include the DMZ's Public IP address as the source and your private network as the destination (to the access list used for the interesting traffic). In that way traffic to/from your private network to/from the DMZ servers will be routed through the tunnel.
You (and India) also need to make sure the above traffic is not NATed.
Also make sure you (and India) allow that access on any access list applied to the firewall.
And finally you need to make sure that routing on both ends is configured correctly, i.e. the DMZ server should send traffic destined to your private segment to their firewall. Your private segment should send traffic destined to the DMZ server to your firewall's inside interface.
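An added example, not part of the original replies: a small check that the interesting-traffic access lists on the two peers are exact mirrors of each other, which is the condition the reply above describes. The addresses are constructed (a private range for ATL, a documentation-range address standing in for the DMZ server's public IP), and the "source destination" line format is an assumption for illustration, not any vendor's syntax.

```python
import ipaddress

# Constructed sample selectors, one "source destination" pair per line.
ATL_PRIVATE = "10.10.0.0/16"        # assumed ATL private network
INDIA_PRIVATE = "172.16.0.0/16"     # assumed India private network
DMZ_PUBLIC = "198.51.100.10/32"     # placeholder for the DMZ server's public IP

ATL_ACL = f"""
{ATL_PRIVATE} {INDIA_PRIVATE}
{ATL_PRIVATE} {DMZ_PUBLIC}
"""
INDIA_ACL_BEFORE = f"""
{INDIA_PRIVATE} {ATL_PRIVATE}
"""
INDIA_ACL_AFTER = INDIA_ACL_BEFORE + f"{DMZ_PUBLIC} {ATL_PRIVATE}\n"


def parse(acl_text):
    """Turn 'source destination' lines into a set of (src, dst) networks."""
    pairs = set()
    for line in acl_text.strip().splitlines():
        src, dst = line.split()
        pairs.add((ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return pairs


def mirror_gaps(local_acl, remote_acl):
    """Return (entries the remote peer must add, entries the local peer must add).

    Every local 'A -> B' selector needs a 'B -> A' selector on the peer,
    and vice versa; otherwise the two ends disagree on what to encrypt.
    """
    local, remote = parse(local_acl), parse(remote_acl)
    need_remote = sorted((d, s) for s, d in local if (d, s) not in remote)
    need_local = sorted((d, s) for s, d in remote if (d, s) not in local)
    fmt = lambda pairs: [f"{s} -> {d}" for s, d in pairs]
    return fmt(need_remote), fmt(need_local)


if __name__ == "__main__":
    # ATL has added the DMZ selector, India has not yet mirrored it.
    print(mirror_gaps(ATL_ACL, INDIA_ACL_BEFORE))
    # Both ends mirrored: no gaps reported.
    print(mirror_gaps(ATL_ACL, INDIA_ACL_AFTER))
```

An empty result on both sides only confirms the selectors match; the NAT exemption, firewall access lists and routing mentioned in the reply still have to be checked separately.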