CAN WE DO ENCRYPTION AND ROUTING OVER SINGLE INTERFACE OF THE ROUTER??
Below is my network set up.
Firewall----VPNRouter(having 1 interface)
I wish to achieve a site-to-site VPN from the VPNRouter connected to the firewall in Site 1 to the VPN Router in Site 2.
As you may notice, I have only one interface on the VPNRouter (Site 1), so traffic from a PC in the Site 1 LAN trying to reach the servers in Site 2, when going to the second phase (with the help of the interesting traffic), needs to do both encryption and routing through the same single available interface. Is this possible?
I am sure the first phase would happen, but in the second phase the interesting traffic has to go from the PC to the Firewall to the VPNRouter (get encrypted and also routed back to the same Firewall interface), then to the InternetRouter and on to the Site 2 VPN Router. So is that second phase possible?
Kindly let me know if I can go for such a solution and whether it is possible.
Re: CAN WE DO ENCRYPTION AND ROUTING OVER SINGLE INTERFACE OF TH
This would be interesting..!!
First of all you need to disable "ip redirects" on the Router's intf.
The default gateway for the LAN would be the FW.
E.g., let's say the local n/w on Site 2 is 10.x.x.x and the local n/w on Site 1 is 11.x.x.x.
Say the router is connected to the dmz of the FW.
The FW would have a route:
route dmz 10.x.x.x 255.0.0.0
And on Router, you have a route :
ip route 0.0.0.0 0.0.0.0
So, traffic originating from the site 1 LAN, when it needs to go to the site 2 LAN, will hit the PIX and then be routed to the router; the router will check the default gateway and send it to the PIX again, but after encrypting it.
The PIX will then route the encrypted traffic across the internet. The return traffic will hit the router through the PIX, will be decrypted, the router will then send the decrypted traffic again to PIX, and PIX will then route it inside.
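The router side of the design described in the reply above, written as Cisco IOS configuration; this is an added example, not part of the original thread and not the poster's configuration. The interface name, the 192.0.2.x and 198.51.100.1 addresses, the ACL number, and the transform-set and crypto-map names are assumptions, and the pre-shared key is a placeholder.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   firewall DMZ interface 192.0.2.1
!   VPN router single interface 192.0.2.2/24
!   Site 2 VPN peer 198.51.100.1
! Site 1 LAN 11.0.0.0/8 and Site 2 LAN 10.0.0.0/8 follow the reply's example.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set S2S-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: Site 1 LAN to Site 2 LAN only.
! Decrypted return traffic (10.x to 11.x) does not match this ACL,
! so it leaves the same interface in the clear toward the firewall.
access-list 101 permit ip 11.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set S2S-TS
 match address 101
!
! The one interface receives clear traffic from the firewall and
! sends the encrypted packets back out to the same firewall.
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 no ip redirects
 crypto map S2S-MAP
!
! Everything, clear or encrypted, is handed back to the firewall.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

On the firewall, the rules between the router and the Site 2 peer need to allow IKE (UDP 500) and ESP (IP protocol 50), plus UDP 4500 if the router's address is translated on the way out.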