Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
7
Replies

Public server over vpn

Adrian Davies
Level 1
Level 1

‎12-11-2012 11:33 AM

We have asa connected via vpn

Site 1 is live

Site 2 is in. Standby

We have a web site (asa public server) which is live in site 1. We need to switch this to site 2, as the site 1 dc is shutting down. What we need to do is redirect all traffic hitting the site 1 asa (in case of slow dns update or clients having fixed ip to our service) is it possible to set up public server (open port) to send the traffic over the vpn?

Labels:
0 Helpful
7 Replies 7

ALIAOF_
Level 6
Level 6

‎12-11-2012 11:43 AM

If it is a web server and you need to give users access to the webserver located at Site 2.  You just setup the NAT for that server accordingly depending on how your sites are connected.  Is your site 2 getting to the Internet via Site 1?  In that case you just update the NATed IP of the server on the ASA.

But you mentioned VPN so it can also mean that you have an Internet connection at Site 2 with another ASA.  So in that case you can just point the DNS entry to an available public IP addres at Site 2 and then NAT that public IP address to the Webserver at Site 2.

0 Helpful

Adrian Davies
Level 1
Level 1
In response to ALIAOF_

‎12-11-2012 11:59 AM

Thanks but i think you misunderstood what we need to do

When we switch sites (ie change dns) all external traffic should hit the second site asa (which is aleady set up)

What we need to do is ensure any traffic which may hit site one (i.e via slow dns propgation or hard coded access) get redirect to the correct site.

If we can set the public servers on the asa to go over the vpn link between the two sites it would be ideal

0 Helpful

ALIAOF_
Level 6
Level 6
In response to Adrian Davies

‎12-11-2012 12:52 PM

Then you can just NAT the public IP on the Site 1 ASA to the Site 2 server as well.

0 Helpful

Adrian Davies
Level 1
Level 1
In response to ALIAOF_

‎12-11-2012 01:15 PM

Yeh tried that but when nating i have to select an named interface, but vpn are not named as interfaces

0 Helpful

ALIAOF_
Level 6
Level 6
In response to Adrian Davies

‎12-11-2012 01:22 PM

You can't just update the NAT like this...?

network object webserver

host 192.168.1.10 (This would be the IP of the webserver located at Site #2)

nat (inside,outside) static 1.1.1.1 (1.1.1.1 being the public IP)

0 Helpful

Adrian Davies
Level 1
Level 1
In response to ALIAOF_

‎12-12-2012 06:45 AM

no sorry that does not work

0 Helpful

ALIAOF_
Level 6
Level 6
In response to Adrian Davies

‎12-12-2012 07:04 AM

What doesn't work in that exactly?  How do you have the NAT setup right now?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents