topic Re: STS TUNNEL SETUP in Network Security

STS TUNNEL SETUP

ray_stone — Tue, 12 Mar 2019 02:34:11 GMT

Hello Experts,

We need to create a STS tunnel with one of our client and they have the load balancer in front of their firewall and two ISP link are terminated on load balancer and load balance internal network is connected with firewall. Firewall interface which is connected with LB has private IP address assigned which is acting as a wan port and firewall has one internal face configured where the servers are placed so there are two natting here -one is at the firewall and second one is on LB. LB has the natting configured with public IPs of ISPs and both ISPs IP being terminating on LB -not on firewall. Now we need to establish a STS tunnel with client firewall where the public not being terminated so it possible that the private IP of outside interface of firewall I do the nat on LB with public IP and then create a tunnel on firewall. Would it work? Please explain in details if it works or not.

Thanks

Sent from Cisco Technical Support iPhone App

Re: STS TUNNEL SETUP

ray_stone — Thu, 05 Sep 2013 11:37:23 GMT

Can somebody response on this ?

Sent from Cisco Technical Support iPhone App

Re: STS TUNNEL SETUP

nkarthikeyan — Thu, 05 Sep 2013 12:49:46 GMT

Hi Ray,

I hope it should work if you do one to one NAT on loadbalancer with a public IP to private IP of the firewall outisde interface and having a rule that should allow the required traffic to the firewall outside IP or any any rule set for the NAT. i.e. which should not block any traffic towards the firewall outside IP.

Client end (Public IP) --> ISP --> LB(Public to Private IP NAT towards firewall Interface) --> ASA(configured with the private IP as its outside & VPN peer ip as it is.

Let me go through some scenarios and possibly can confirm you on the same...

Regards

Karthik

Re: STS TUNNEL SETUP

ray_stone — Thu, 05 Sep 2013 13:11:55 GMT

Please confirm if it works. I tested out this but unfortunately it's not working.

Sent from Cisco Technical Support iPhone App

Re: STS TUNNEL SETUP

ray_stone — Fri, 06 Sep 2013 01:07:16 GMT

Can somebody please provide more inputs on this.

Thanks.

Re: STS TUNNEL SETUP

Jeet Kumar — Fri, 06 Sep 2013 03:14:10 GMT

Hi Ray,

I am not sure whether i understood your requirement correctly but this what i understood that your remote site have a loadbalancer with 2 ISP to share the load. The firewall's outside interface has a private IP which is connected on the inside of the LB and LB is doing the NATTING.

Unfortunatley VPN doesn't work with Load balacing.

Thanks

Jeet