Have been working on setting up a VPN w/2620 & 1602R. Have read quite a bit, but can't find what the IP address, source address, & destination address should be - that is, do the source/destination need to be "real" addrs. or can they be on the order of 192.168.1.0? Do they need to be on the same subnet? Does it matter which interface you use for source? What about the tunnel addr.? Private or global?
If someone can answer these questions, or point me to a doc. which does, I would appreciate it.
You will need real addresses unless this is not across the Internet or you are using some kind of NAT along the way, since private addresses will not route across the Internet. They can be on different networks as long as you have connectivity between them. You can use any interface as the source to terminate the tunnel, but it should be the interface with the real address on it. If you are using GRE tunnels with your IPSec you can use private addresses on them. Hope this helps.
Right now, just trying to set up GRE tunnel. Little confused (as you can see by my post) about the addressing. We do run NAT, and once I establish the tunnel, will be looking into that piece, as well as IPSec. Lots of issues to deal with, but it'll get there.
Peer interfaces need to be on the outside and you need routable addresses. Now, you can use the 192.168.1.0 network behind both for your address pool because the other router will only see the "REAL" address.
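The addressing described in this thread, laid out as an added IOS configuration sketch that is not part of any poster's reply: routable addresses on the outside interfaces used as tunnel source and destination, private addresses on the tunnel itself. The interface names, every IP address (documentation ranges standing in for real ones) and the distinct LAN subnets on each side are assumptions chosen for illustration.

```cisco
! --- Router A (e.g. the 2620); all addresses are constructed samples ---
interface Serial0/0
 description Outside interface holding the routable address
 ip address 203.0.113.1 255.255.255.252
!
interface Tunnel0
 description GRE tunnel to Router B (private addressing is fine here)
 ip address 192.168.100.1 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 198.51.100.1
!
! The path to the tunnel destination must use the physical interface,
! never the tunnel itself, or the tunnel will flap (recursive routing).
ip route 0.0.0.0 0.0.0.0 Serial0/0
! Only the remote private LAN is sent through the tunnel.
ip route 192.168.2.0 255.255.255.0 Tunnel0

! --- Router B (e.g. the 1602R); mirror image of Router A ---
interface Serial0
 description Outside interface holding the routable address
 ip address 198.51.100.1 255.255.255.252
!
interface Tunnel0
 description GRE tunnel to Router A
 ip address 192.168.100.2 255.255.255.252
 tunnel source Serial0
 tunnel destination 203.0.113.1
!
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.1.0 255.255.255.0 Tunnel0
```

The two outside addresses sit on different networks and only need IP connectivity between them, while the tunnel endpoints share one small private subnet. GRE alone provides no confidentiality or integrity, so traffic on this tunnel is readable in transit until IPSec is applied.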