Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
4
Replies

Lan to Lan VPN Connection to a Public host

mvandeberg
Level 1
Level 1

‎01-06-2003 09:43 AM - edited ‎02-21-2020 12:15 PM

I know that the usual way for a lan to lan connection to work is to set up a connection from a private side host/network to a private side host/ network on the other end, but is it possible to set up the VPN to communicate to a host that is on the same network subnet as the public interface? In other words, I have a host on the DMZ that I want a remote network to communicate with only through the VPN, Is this possible?

Labels:
0 Helpful
4 Replies 4

jfrahim
Level 5
Level 5

‎01-06-2003 12:22 PM

Hi there,

It really depends on the VPN device that you are using. Using the Cisco IOS router, VPN3K concentrator, VPN5K concentrator it is possible. If you are using PIX as the VPN peer, then it is not possible

Hope that helps

Jazib

0 Helpful

mvandeberg
Level 1
Level 1
In response to jfrahim

‎01-06-2003 12:34 PM

I guess I should have been more specific, but yes, on my side is a 3002 concentrator in which the server is on the same public network (DMZ). And the remote network is a PIX. Im kind of confused on your answer though, are you saying that if the remote peer is behind a PIX trying to get to the Public host in the same network as the Concentrator it wont work?

Thanks

0 Helpful

jfrahim
Level 5
Level 5
In response to mvandeberg

‎01-06-2003 12:50 PM

Hi there,

If the server is on the public subnet of a 3002, then it will not work

3002 is not really a VPN concentrator. It is actually a HW client. It only established an IPSec tunnel between its private subnet the Network-list that the remote VPN server is pushing down

As far as your pix question is concerned, if the server resides on the outside interface of the pix ( the interface where you are terminating your tunnel ), then it is also not possible

Hope that clarifies

Jazib

0 Helpful

mvandeberg
Level 1
Level 1
In response to jfrahim

‎01-06-2003 01:07 PM

Im sorry, its not a 3002 HW client, but a 3000 series concentrator. DUH!! But im assuming that it will work then from your response. I did do some pre- testing set up and specified the IP address of the public server in the local network settings for the site to site tunnel properties, and it didnt error out or anything, and it took the config. Thanks for the response, and I'll let you know how it goes. Sorry about the brain hiccup! :-)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents