cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2170
Views
15
Helpful
19
Replies

Ip tunneling...

hsnanua2011
Level 1
Level 1

Dear all,

I have an issue. We have been told by our tutor, to find a solution for a scenario and i have been cracking my head.

I have a Cisco Asa firewall (5505). I normally connect to a remote entity using IPSEC VPN. Now, the scenario is, the client (remote entity) wants to use public IP VPN tunnel instead of Private IP vpn...

Question:

1. What is the difference between public ip vpn and private ip vpn?

2. Can the cisco ASA 5505 support public ip vpn?

3. if so, how do we confiugure it?

4.Are there any other options to this?

PLease assist? I was looking at split tunneling and all...

Thanks

19 Replies 19

hsnanua2011
Level 1
Level 1

Hmmm... that is a good plan.

So basically, i create a vpn tunnel between the Proserve router and the VPN router (ASA FW).

But i dont understand which router i need to do the static one to one NAT.

What about this option:

-

NAT a public Ip from Proserver into a spare interface of my cisco ASA FW (VPN router).

steps:

1. DO a NAT outside for the Proserve router, with the access list too.

2. Do a NAT inside on the ASA.

3. Create FW directly from here.

Is this Plausible? Anyway, feel free to draw on the uploaded image for a more clearer picture..

Thanks

You need use one of your ProServe routers as gateway for your VNP router. More logical will be use closest to your VPN router for NAT translation.

Sincerely,

GRinch

Hi,

It seems for me that the actually issue is being changing by every post OR we are missunderstand the actual problem.

Let me draw the below topology with my imagination.

Internet Link---> directly terminated on ProServe (I think it is Procurve HP)--->VPN router on which you want create VPN tunnel to other end

Is that above right what you want achieve? Let me know if that is not the actual topology.

If yes, Create a static NAT with a Public IP to your VPN router private IP.
Now use that Nated public IP as the VPN tunnel peer.

Why dont you have a public IP directly configure on the VPN router if you have free IP's?


Please rate the helpfull posts.
Regards,
Naidu.

Yea... thats about it the topology...

So, in summary :

1. Create a static nat from ProServe router (public ip) to VPN router (private IP)

2. Create a VPN from the VPN with that NAT-ed ip

Is that right?

Thanks    

Good day,

It's correct.

-Grinch