
PIX TUNNEL BETWEEN PUBLIC IP'S

jcarrillo6
Level 1

Greetings,

I have a tunnel between two locations....

Location 1 has a static mapping to an FTP server.

Location 2 has a static mapping to an FTP server.

The tunnel comes up when location one and location two talk to each other via statically mapped PUBLIC IP addresses. Is this possible? Are the public IP addresses able to go through the tunnel instead of the private IP addresses?

No NAT.

In my other tunnels, I can connect over the tunnel using the private IP on the other end. But if I'm looking at the config correctly, the IPsec access list has the public IP address of the location one FTP server as the source address instead of the private IP, and the destination is the public IP of the location 2 FTP server. This still triggers the tunnel, but is this traffic really secure? Public IP to public IP?

Thanks!

JC

1 Reply

5220
Level 4

Hi JC,

Don't worry about the static mappings, you can still use NAT 0 between the VPN endpoints. Just add to NAT 0 the same ACL as the crypto domain (LAN1 to LAN2).

The alternative is this:

All the hosts are PATed to one Public IP.

In addition a static is created for the FTP port(s).

Configuration for one end:

nat (inside) 1 LAN-1

global (outside) 1 Public-IP-1

static (inside,outside) tcp Public-IP-1 20 FTP-server-IP 20 netmask 255.255.255.255

static (inside,outside) tcp Public-IP-1 21 FTP-server-IP 21 netmask 255.255.255.255

The VPN will be done between Public-IP-1 and Public-IP-2

Please rate if this helped.

Regards,

Daniel
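
The NAT 0 approach from the reply above, sketched for one end as an added example in PIX 6.x syntax (not part of the original thread and not either poster's configuration). All addresses and the names VPN-LAN1-LAN2, ESP-AES-SHA and VPNMAP are constructed placeholders; the ISAKMP policy and pre-shared key are omitted.

```cisco
: Constructed values: LAN1 = 10.1.1.0/24, LAN2 = 10.2.2.0/24,
: 198.51.100.1 stands in for Public-IP-1, 203.0.113.2 for Public-IP-2.

: Crypto domain: private LAN1 to private LAN2
access-list VPN-LAN1-LAN2 permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

: Exempt the same traffic from translation so it enters the tunnel
: with its private source address
nat (inside) 0 access-list VPN-LAN1-LAN2

: Everything else from the LAN is still PATed to the public address
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 198.51.100.1

: The crypto map references the same ACL used for NAT 0
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 match address VPN-LAN1-LAN2
crypto map VPNMAP 10 set peer 203.0.113.2
crypto map VPNMAP 10 set transform-set ESP-AES-SHA
crypto map VPNMAP interface outside
```

The other end mirrors this with source and destination networks swapped in the ACL. `show crypto ipsec sa` lists the local and remote identities each security association protects, which shows whether the private or the public addresses are being matched.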
