
source and destination ip address

amralrazzaz
Level 5

Hi, I need to know what the source and destination IP addresses are, as in the schedule below that I have to fill in.

 

| Access rules | Source IP | Dest IP | Destination protocol & port | Application used | Comments |
|---|---|---|---|---|---|
|  |  |  |  |  |  |

I need to set up a site-to-site VPN from a remote location to the head office location, giving users at the remote location access to some servers at the head office site. So what is meant by source and dest IP?

Does source mean the local or private network IP addresses of the remote location's users (the IP of the machine the traffic is coming from),

and are the destination IP addresses the IPs of the machines or servers at the head office location that we are trying to connect to?

 

thanks

amr alrazzaz

Jon Marshall
Hall of Fame

 

Basically yes to what you say. 

 

The only thing to watch out for is whether you are doing any NAT on these IPs; if so, you would need to exempt them from the NAT or use the translated IP(s).

 

Jon

Joseph W. Doherty
Hall of Fame
Perhaps what you're trying to ascertain is the information needed for your VPN to pass through a security device, such as a firewall. If that's the case, the IP and ports would be what your VPN "shows" as it passes through the security device.

Could you please see the attached network diagram for my remote location, where we need the users to access the outside (head office servers)?

Maybe it could help.

And what should the IP source and dest be?

amr alrazzaz

I don't see any IP information on that diagram. Plus, if that's for the remote location, you may need similar information for your HQ side.

"Who" gets this information? I.e. whoever is asking for it should be able to answer questions about what's needed.

YES, I KNOW. I JUST NEED TO KNOW THE CONCEPT OF SOURCE AND DESTINATION AS AN EXPLANATION.

What is the source and dest?

amr alrazzaz

Ah, that would be the contents of the IP packet's source and destination IP address fields as it passes through the security device doing the check. Although, generally, traffic is two way, on any one device the check might only be applied to traffic coming from the "outside".

For example, if you had:

VPN IP 22.22.22.22
HQ FW
Internet
Remote FW
VPN IP 33.33.33.33

HQ FW might check for incoming traffic for destination IP 22.22.22.22 with source IP 33.33.33.33
while the Remote FW might check for incoming traffic for destination IP 33.33.33.33 with source IP 22.22.22.22.

Just to confirm: if I'm at the remote location (33.33.33.33) and I need access to some servers at the head office site (22.22.22.22), then the source IP should be the IP addresses of the machines connected at the remote location, where the traffic is coming from,

and the destination IP should be the IP addresses of the machines (the servers that I want to access at the head office site) that we are trying to access.

Am I right?

Thanks a lot for the help :)

 

amr alrazzaz

The source address is the address of the device sending the packet. The destination address is the address of the device to receive the packet.

When it comes to tunnels, the end hosts would have source and destination IPs as they normally would. The devices that support the tunnel "wrap" the host packets in their own packet, which usually has a different set of source and destination IPs: those of the tunnel endpoint devices.

E.g.
HQ host 10.1.1.1
HQ tunnel device 22.22.22.22
VPN transit network (e.g. Internet)
Remote tunnel device 33.33.33.33
Remote host 192.168.1.1

From HQ host to remote host - across VPN tunnel
tunnel src 22.22.22.22 dest 33.33.33.33 (encapsulated src 10.1.1.1 dest 192.168.1.1)

What your security device ACLs need to have depends on whether they see packets before or after they've been encapsulated. Usually they see the encapsulated packet.
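
The encapsulation described in the post above, as an added example that is not part of the original thread: it builds the host packet, wraps it in a tunnel packet, and shows which address pair an ACL in the path would match before and after encapsulation. It assumes plain IP-in-IP (protocol 4) in place of an encrypted VPN encapsulation so the inner header stays readable; the helper names and rule tuples are hypothetical.

```python
import ipaddress
import socket
import struct

def checksum(header: bytes) -> int:
    """Ones'-complement sum over 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header followed by the payload."""
    fmt = "!BBHHHBBH4s4s"
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(fmt, *fields))
    return struct.pack(fmt, *fields) + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) from the outermost IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[ihl:]

def acl_permits(packet: bytes, src_net: str, dst_net: str) -> bool:
    """Match only the outermost header, as a device in the path would."""
    src, dst, _, _ = parse_ipv4(packet)
    return (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net))

IPIP = 4  # assumption: IP-in-IP stands in for the real VPN encapsulation

# Addresses from the example above; the payload is constructed sample data.
host_packet = build_ipv4("10.1.1.1", "192.168.1.1", 6, b"constructed payload")
tunnel_packet = build_ipv4("22.22.22.22", "33.33.33.33", IPIP, host_packet)

HOST_RULE = ("10.1.1.1/32", "192.168.1.1/32")        # host-to-host rule
TUNNEL_RULE = ("22.22.22.22/32", "33.33.33.33/32")   # endpoint-to-endpoint rule

if __name__ == "__main__":
    for name, pkt in (("before encapsulation", host_packet),
                      ("after encapsulation", tunnel_packet)):
        print(name, parse_ipv4(pkt)[:3],
              "host rule:", acl_permits(pkt, *HOST_RULE),
              "tunnel rule:", acl_permits(pkt, *TUNNEL_RULE))
```

A rule written with the host addresses never matches once the packet is inside the tunnel, which is why the access-rule table has to state at which point in the path the rule is evaluated.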

Do remote tunnel device and HQ tunnel device mean the real (static) IP for both sites?

amr alrazzaz