08-10-2011 03:36 AM - edited 03-04-2019 01:14 PM
Dear all,
I have an issue. We have been told by our tutor to find a solution for a scenario, and I have been cracking my head.
I have a Cisco ASA firewall (5505). I normally connect to a remote entity using IPsec VPN. Now, the scenario is, the client (remote entity) wants to use a public IP VPN tunnel instead of a private IP VPN...
Question:
1. What is the difference between public IP VPN and private IP VPN?
2. Can the Cisco ASA 5505 support public IP VPN?
3. If so, how do we configure it?
4. Are there any other options to this?
Please assist. I was looking at split tunneling and all...
Thanks
08-11-2011 03:36 AM
Hmmm... that is a good plan.
So basically, I create a VPN tunnel between the Proserve router and the VPN router (ASA FW).
But I don't understand which router I need to do the static one-to-one NAT on.
What about this option:
- NAT a public IP from Proserver into a spare interface of my Cisco ASA FW (VPN router).
Steps:
1. Do a NAT outside for the Proserve router, with the access list too.
2. Do a NAT inside on the ASA.
3. Create FW directly from here.
Is this plausible? Anyway, feel free to draw on the uploaded image for a clearer picture.
Thanks
08-11-2011 03:50 AM
You need to use one of your ProServe routers as the gateway for your VPN router. It would be more logical to use the one closest to your VPN router for NAT translation.
Sincerely,
GRinch
08-11-2011 05:08 AM
Hi,
It seems to me that the actual issue is changing with every post, or we are misunderstanding the actual problem.
Let me draw the below topology with my imagination.
Internet Link---> directly terminated on ProServe (I think it is Procurve HP)--->VPN router on which you want create VPN tunnel to other end
Is the above what you want to achieve? Let me know if that is not the actual topology.
If yes, create a static NAT with a public IP to your VPN router's private IP.
Now use that NATed public IP as the VPN tunnel peer.
Why don't you have a public IP directly configured on the VPN router if you have free IPs?
Please rate the helpful posts.
Regards,
Naidu.
08-11-2011 09:17 AM
Yeah... that's about it for the topology...
So, in summary:
1. Create a static NAT from the ProServe router (public IP) to the VPN router (private IP)
2. Create a VPN from the VPN router with that NAT-ed IP
Is that right?
Thanks
08-11-2011 08:26 PM
Good day,
It's correct.
-Grinch