Cisco Support Community

PIX TUNNEL BETWEEN PUBLIC IP'S

Greetings,

I have a tunnel between two locations....

Location 1 has a static mapping to an FTP server.

Location 2 has a static mapping to an FTP server.

The tunnel comes up when location one and location two talk to each other via statically mapped PUBLIC IP address. Is this possible? Are the public IP addresses able to go through the tunnel instead of the private IP addresses?

no NAT.

In my other tunnels, I can connect over the tunnel using the private IP on the other end. But if I'm looking at the config correctly, the IPsec access list has the public IP address of the location one FTP server as the source address instead of the private IP, and the destination is the public IP of the location 2 FTP server. This still triggers the tunnel, but is this traffic really secure? Public IP to public IP?

thanks!

JC

1 REPLY

Re: PIX TUNNEL BETWEEN PUBLIC IP'S

Hi JC,

Don't worry about the static mappings, you can still use NAT 0 between the VPN endpoints. Just add to NAT 0 the same ACL as the crypto domain (LAN1 to LAN2).

The alternative is this:

All the hosts are PATed to one Public IP.

In addition a static is created for the FTP port(s).

Configuration for one end:

nat (inside) 1 LAN1 LAN1-netmask

global (outside) 1 Public-IP-1

static (inside,outside) tcp Public-IP-1 20 FTP-server-IP 20 netmask 255.255.255.255

static (inside,outside) tcp Public-IP-1 21 FTP-server-IP 21 netmask 255.255.255.255

The VPN will be done between Public-IP-1 and Public-IP-2

Please rate if this helped.

Regards,

Daniel
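
Added example (not part of the original thread or of either poster's configuration): a small Python audit that reads a PIX configuration and lists the crypto ACL entries that are not also covered by a `nat 0 access-list`, which is the case JC describes, where traffic enters the tunnel with its translated public addresses. The sample configuration, ACL names and addresses are constructed for illustration, and the comparison is an exact text match on ACL entries, not a subnet-coverage calculation.

```python
import re

# Constructed sample PIX configuration (RFC 1918 / RFC 5737 example addresses).
SAMPLE_CONFIG = """\
access-list VPN permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list FTPVPN permit ip host 192.0.2.10 host 198.51.100.10
nat (inside) 0 access-list NONAT
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) 192.0.2.10 192.168.1.10 netmask 255.255.255.255
crypto map TUNNELS 10 match address VPN
crypto map TUNNELS 20 match address FTPVPN
"""

def parse(config):
    """Collect ACL entries, NAT-exemption ACL names and crypto map ACL bindings."""
    acls = {}    # ACL name -> set of "permit ..." entries
    nat0 = set() # ACL names referenced by "nat (if) 0 access-list"
    crypto = {}  # (crypto map name, sequence) -> ACL name
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"access-list (\S+) (?:extended )?(permit .+)$", line):
            acls.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"nat \(\S+\) 0 access-list (\S+)", line):
            nat0.add(m[1])
        elif m := re.match(r"crypto map (\S+) (\d+) match address (\S+)", line):
            crypto[(m[1], int(m[2]))] = m[3]
    return acls, nat0, crypto

def audit(config):
    """Return {(map, seq): crypto ACL entries with no identical nat 0 entry}."""
    acls, nat0, crypto = parse(config)
    exempt = set().union(*(acls.get(name, set()) for name in nat0))
    findings = {}
    for key, acl_name in crypto.items():
        missing = acls.get(acl_name, set()) - exempt
        if missing:
            findings[key] = sorted(missing)
    return findings

if __name__ == "__main__":
    for (cmap, seq), entries in audit(SAMPLE_CONFIG).items():
        for entry in entries:
            print(f"crypto map {cmap} {seq}: not NAT-exempt: {entry}")
```

An entry reported here is not unencrypted; it means the tunnel is keyed on translated addresses, so the crypto ACL on the other peer has to mirror those same addresses.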
