01-04-2012 05:44 AM
Hi
I need to set up a site-to-site VPN on ASA 5505 (ASA version 8.4) on a private IP address range to a third party who have are using internet routable IP addresses for the remote LAN.
E.g. in the Protected Networks settings
Local Network: 192.168.1.0/24
Remote Network: 1.1.1.0/24
Is this possible?
Thanks
Julian
Solved! Go to Solution.
01-04-2012 06:08 AM
Yes, it is possible, use in the interesting traffic identifier ACL (i.e crypto ACL) the remote destination address is public address instead of a private address and your VPN remote peer's address is naturally public address if it goes over public-cloud. You may have an ACL on the inside interface, control (local LAN) access to remote tunnel end.
This setup is much similar to vpn tunning to banks over public-cloud.
Thanks
Rizwan Rafeek.
01-04-2012 06:08 AM
Yes, it is possible, use in the interesting traffic identifier ACL (i.e crypto ACL) the remote destination address is public address instead of a private address and your VPN remote peer's address is naturally public address if it goes over public-cloud. You may have an ACL on the inside interface, control (local LAN) access to remote tunnel end.
This setup is much similar to vpn tunning to banks over public-cloud.
Thanks
Rizwan Rafeek.
01-04-2012 11:15 PM
Thanks
This prompted me to double-check my configuration and I found the remote network was set up incorrectly (I hadn't been given the correct information at the time).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide