09-04-2013 04:22 PM - edited 03-11-2019 07:34 PM
Hello Experts,
We need to create a STS tunnel with one of our clients, and they have a load balancer in front of their firewall. Two ISP links are terminated on the load balancer, and the load balancer's internal network is connected to the firewall. The firewall interface connected to the LB has a private IP address assigned, which acts as the WAN port, and the firewall has one internal interface configured where the servers are placed, so there are two NATs here: one at the firewall and a second one on the LB. The LB has NAT configured with the public IPs of the ISPs, and both ISP IPs terminate on the LB, not on the firewall. Now we need to establish a STS tunnel with the client firewall, where the public IP is not terminated. Is it possible that I NAT the private IP of the firewall's outside interface on the LB with a public IP and then create the tunnel on the firewall? Would it work? Please explain in detail whether it works or not.
Thanks
Sent from Cisco Technical Support iPhone App
09-05-2013 04:37 AM
Can somebody respond on this?
Sent from Cisco Technical Support iPhone App
09-05-2013 05:49 AM
Hi Ray,
I hope it should work if you do one-to-one NAT on the load balancer with a public IP to the private IP of the firewall's outside interface, and have a rule that allows the required traffic to the firewall outside IP, or an any-any rule set for the NAT, i.e. one that does not block any traffic towards the firewall outside IP.
Client end (Public IP) --> ISP --> LB (Public to Private IP NAT towards firewall interface) --> ASA (configured with the private IP as its outside & VPN peer IP as is).
Let me go through some scenarios and I can possibly confirm on the same...
Regards
Karthik
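As an added illustration of the setup Karthik describes (not configuration from the thread or from the poster), this is what the ASA side of the tunnel could look like when its outside interface carries a private address and the load balancer does the one-to-one NAT in front of it. All addresses, interface and object names are constructed; the LB rules are shown as intent only because the LB vendor is not named in the thread, and an "inside" interface is assumed to already exist.

```cisco
! Constructed, assumed addresses (not from the thread):
!   LB public IP (ISP side)          203.0.113.10
!   ASA outside (private, faces LB)  192.168.255.2
!   Remote client peer (public)      198.51.100.20
!   Local LAN 10.10.10.0/24, remote LAN 10.20.20.0/24
!
! On the load balancer (vendor-specific, intent only):
!   static 1:1 NAT 203.0.113.10 <-> 192.168.255.2
!   permit UDP/500, UDP/4500 and IP protocol 50 (ESP) to 192.168.255.2
!
! ASA side (IKEv1, ASA 8.4+ syntax)
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.168.255.2 255.255.255.252
!
object network LOCAL-LAN
 subnet 10.10.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.20.20.0 255.255.255.0
! Exempt the VPN traffic from the ASA's own NAT (the second NAT in the thread)
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
access-list VPN-TO-CLIENT extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0
!
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 enable outside
! Required here: the ASA sits behind the LB's NAT, so IKE must detect that
! and carry ESP inside UDP/4500 (NAT-T) instead of raw protocol 50
crypto isakmp nat-traversal 20
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-CLIENT
crypto map OUTSIDE-MAP 10 set peer 198.51.100.20
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
!
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 ikev1 pre-shared-key REPLACE-WITH-STRONG-PSK
! The client must point its peer at 203.0.113.10 (the LB's public IP), never at 192.168.255.2
```

Because an IKEv1 ASA identifies itself by its interface address, the remote side sees packets from 203.0.113.10 but an identity of 192.168.255.2, and may need to be configured to accept that; if the LB can send the tunnel out either ISP, the remote peer will also see two different source addresses, which is the failure mode the thread's later reply points at.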
09-05-2013 06:11 AM
Please confirm if it works. I tested this out, but unfortunately it's not working.
Sent from Cisco Technical Support iPhone App
09-05-2013 06:07 PM
Can somebody please provide more input on this?
Thanks.
09-05-2013 08:14 PM
Hi Ray,
I am not sure whether I understood your requirement correctly, but this is what I understood: your remote site has a load balancer with 2 ISPs to share the load. The firewall's outside interface has a private IP which is connected on the inside of the LB, and the LB is doing the NATting.
Unfortunately VPN doesn't work with load balancing.
Thanks
Jeet