07-29-2011 12:35 PM - edited 03-11-2019 02:05 PM
I have a request to establish a site-to-site VPN with a customer. While collecting the information, I gave them our local network subnet, which is a private subnet (192.168.5.0). They asked me if I could give them a public address instead. They cannot work with the 192.168.5 subnet. Is this possible?
My side of the VPN is an ASA 5505 running 8.2(2). The other side, I believe, is a Checkpoint.
07-29-2011 12:40 PM
The local LAN network that you are using is RFC 1918; it is not globally routed. I am not sure what level of site-to-site VPN you are doing, but for complete access they will need your public IP on the ASA and your LAN address (which you have given already). You will also need the same info from the other end to configure your side of the site-to-site.
Manish
07-29-2011 12:58 PM
Yes, they have my public IP and I have their information as well. However they cannot work with my local LAN subnet and are asking that I provide them public addresses for the local LAN. Without putting public IP addresses on my internal workstations is this even possible?
07-29-2011 01:33 PM
Is this site-to-site going to be for complete access to each other's LAN, or is it going to be for certain servers that they have exposed to the internet but need IPsec encryption?
Manish
07-29-2011 02:47 PM
Limited hosts and ports. It is mainly one way for remote support of 2 servers. HTTPS and RDP.
07-29-2011 02:55 PM
Russ,
I think you should ask them to provide you with more information on why they need public IPs. If it's two servers only and they insist that they need public IPs, then you can always static NAT your two machines, and then you can encrypt communication between the public IPs using IPsec.
But then again, I will again ask for an explanation from the other end.
Manish
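
The static NAT plus IPsec approach suggested above, sketched for ASA 8.2 syntax as an added example that is not part of the original thread. All addresses, the peer, the customer network and the object names are constructed placeholders (RFC 5737 documentation ranges stand in for the real public addresses).

```cisco
! Constructed values (assumptions, not from the thread):
!   192.168.5.10, 192.168.5.11   real addresses of the two supported servers
!   203.0.113.10, 203.0.113.11   public addresses presented to the customer
!   10.10.10.0/24                customer network behind the remote gateway
!   198.51.100.1                 customer VPN peer address
!   POLICY-NAT-*, VPN-CUSTOMER, CUSTOMER-MAP, ESP-AES256-SHA are hypothetical names

! Policy static NAT: each server is translated to its public address
! only when the other end of the flow is the customer network.
access-list POLICY-NAT-SRV1 extended permit ip host 192.168.5.10 10.10.10.0 255.255.255.0
access-list POLICY-NAT-SRV2 extended permit ip host 192.168.5.11 10.10.10.0 255.255.255.0
static (inside,outside) 203.0.113.10 access-list POLICY-NAT-SRV1
static (inside,outside) 203.0.113.11 access-list POLICY-NAT-SRV2

! Crypto ACL: on 8.2 NAT is applied before the crypto map is matched,
! so interesting traffic is defined with the translated addresses.
! The 192.168.5.0 subnet never appears in the tunnel selectors.
access-list VPN-CUSTOMER extended permit ip host 203.0.113.10 10.10.10.0 255.255.255.0
access-list VPN-CUSTOMER extended permit ip host 203.0.113.11 10.10.10.0 255.255.255.0

! Phase 1 (values must match what the customer configures on their gateway)
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2 and peer binding
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map CUSTOMER-MAP 10 match address VPN-CUSTOMER
crypto map CUSTOMER-MAP 10 set peer 198.51.100.1
crypto map CUSTOMER-MAP 10 set transform-set ESP-AES256-SHA
crypto map CUSTOMER-MAP interface outside

tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
```

Do not include these two hosts in a `nat (inside) 0 access-list` exemption toward the customer network, because NAT exemption is evaluated before static NAT and the traffic would then leave untranslated and miss the crypto ACL.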