topic Re: Problem in Site-to-site VPN ? in Network Security

Problem in Site-to-site VPN ?

vinayak — Mon, 11 Mar 2019 18:39:14 GMT

Hello All,

I am having head office & branch office. our servers are at head office having ip address in serise 192.168.1.0.

I want to establish site-to-site VPN between these 2 offices. also i want to reach some specific ports of head office server such as :

for example :

I want to reach

IP Port

192.168.1.9 171

192.168.1.3 989

192.168.1.23 85

How to do that.??? can anyone help me...

Thanks...

Re: Problem in Site-to-site VPN ?

vinayak — Mon, 13 Sep 2010 09:38:49 GMT

Hello All,

I am having head office & branch office. our servers are at head office having ip address in serise 192.168.1.0.

I want to establish site-to-site VPN between these 2 offices. also i want to reach some specific ports of head office server such as :

for example :

I want to reach

IP Port

192.168.1.9 171

192.168.1.3 989

192.168.1.23 85

How to do that.??? can anyone help me...

Thanks...

Re: Problem in Site-to-site VPN ?

Jitendriya Athavale — Mon, 13 Sep 2010 09:55:02 GMT

hi vinayak,

we can have a site to site vpn, but to proceed any further please brief us more about ur networks and devices and natting that you will be having

here are the general guide lines

which ever traffic needs to be encrypted should be identified in crypto acl and should be exempted from natting

if you can provide us details about ur devices i can send me appropriate config guides

Re: Problem in Site-to-site VPN ?

vinayak — Mon, 13 Sep 2010 10:19:35 GMT

hello,

Thanks for reply.

I am having router conncted directly to ISP & Firewall connected to router. I want to configure VPN on ASA Firewall. The LAN traffic is natted to public IP.

For example :

Router Outside having IP (1.1.1.1/29)

Router Inside having IP (10.0.0.1/29)

Firewall Outside (Connected to router having 10.0.0.2/29)

Firewall inside (Connected to LAN having 172.10.1.1/24)

I do nat of public IP 1.1.1.2. i.e i mapped 10.0.0.2 (private address on public ip 1.1.1.2).

can i use 1.1.1.2 ip for site-to-site VPN as a peer IP ???

I want to reach specific ports of server as given in my question so how to do that ?

If anything you require just reply me..

Thanks..

Re: Problem in Site-to-site VPN ?

dhananjoy chowdhury — Mon, 13 Sep 2010 11:16:02 GMT

Hi,

You can use the ASA fw Public IP on the router (1.1.1.2) as the VPN peer on the HQ side.

On the ASA, configure the crypto ACL with the local provate LAN as your source and destination as the HQ servers (192.168.1.*)

Add route on the ASA fw for 192.168.1.0 towards Outside (Router internal interface IP)

In the Router ACL you will have to allow the ports UDP 500, ESP and UDP 1000

Hope this helps.

Re: Problem in Site-to-site VPN ?

vinayak — Mon, 13 Sep 2010 11:20:06 GMT

Hello Dhananjoy,

Can u please tell me how to allow ports on router ???