port forward/PAT to host behind remote VPN endpoint
Ok here is my situation
Site A: static IP, Cisco PIX 515 running PIX 8.04
Site B: dynamic IP, running either PIX 501 or 1721 router with security image
EZVPN connection from B to A
I want all internet traffic from site B to go out Site B's local internet link EXCEPT email, which I want routed through site A's internet connection. Site A has a single server for Exchange, AD, DNS, etc. I only want email traffic, not all traffic from the server at site B, to go out Site A's internet connection. Also, I want inbound email designated for Site B to go through Site A's extra static IP (I have the extra static, and I know what needs to be done MX-wise).
Can this be done this way, or do I have to set up another IOS-based device at Site A and use a GRE tunnel?
Basically, also in general, if I want to accept a connection at Site A and forward it to Site B, does this require route maps or GRE? (I.e., if site B is hosting a web server, but wants to piggyback off Site A's static.)
Re: port forward/PAT to host behind remote VPN endpoint
I configured a similar example using http 80, which can help you.
FW1: outside 10.0.0.1/24, inside 192.168.1.0/24
FW2: outside 10.0.0.2/24, inside 192.168.2.0/24
VPN site to site between FW1 and FW2
Connected to FW2 is our HTTP server R2 (which is another router with the HTTP service enabled). Connections to FW1 on HTTP 80 will be forwarded to R2 through the site-to-site VPN, to finally reach the HTTP server R2. Please see the attached network diagram for a better understanding.
In addition, you may also find attached the configs of each device in case you want to try it yourself.
NAT for the HTTP service on the extra public IP address; please notice 10.0.0.125 is not configured on any interface, it is not necessary.