
Virtual IP for IPsec VPN

Hi,

I am wondering if a virtual IP can be used to set up a site-to-site VPN?

There is a Cisco ASA, FWA, on the inside of the network using a private IP address on its outside interface, and it needs to set up a site-to-site VPN between it and another device over the internet, iNet_FW, that is using a public IP address. Would it be possible if I NAT the FWA private address to a public address on the internet edge FW, and when iNet_FW initiates a VPN connection to the FWA NATted IP, FW accepts the connection based on firewall rules and translates this to the private IP of FWA, and FWA builds the tunnel?

1 Accepted Solution


If you have static routing or dynamic routing between the 1internalFW and 2EdgeFW, this will work.

The site-to-site VPN can be terminated at the 2EdgeFW public IP, and if 2EdgeFW knows how to route back to 1internalFW, this should work.

 

 

 

please do not forget to rate.


3 Replies

So it's like this:

 

inside-----(privateip)ASA-FW-----outside(private-ip)---------modem(public-ip)-------Internet--------FW(public-ip)

 

 

If this is correct, then you have to do port forwarding on your modem towards the ASA.

I use a similar setup for AnyConnect and it's working for me, so I don't see why it won't work for you.

please do not forget to rate.

 

                             1 internal FW                                             2 Edge FW                                               3rd party
inside-(private-IP)FWA(private-IP)outside----Inside(private-ip)iNet_FW(public_ip)Outside----Internet-----FW

 

 

On the Edge FW, a static NAT for the internal FW outside (private IP) to a public IP on the Edge FW.

Will the NAT translation allow the 3rd party firewall to establish a VPN with the internal FW?
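
The static NAT asked about above, sketched as an added example that is not part of the original posts. It assumes the edge firewall is also a Cisco ASA running 8.3 or later (the thread does not say which device it is), and every object name, interface name and address is a constructed placeholder. The edge rules are limited to the VPN peer and to IKE, NAT-T and ESP, because a static NAT with a broad permit exposes FWA's outside interface to the whole internet.

```cisco
! --- Edge FW ("2 Edge FW" in the diagram), assumed ASA 8.3+ syntax ---
! Real (private) address of FWA's outside interface (constructed value),
! translated one-to-one to a spare public address (constructed value).
object network FWA_OUTSIDE
 host 10.10.10.2
 nat (inside,outside) static 203.0.113.10
!
! Third-party VPN peer (constructed value)
object network THIRD_PARTY_FW
 host 198.51.100.20
!
! Too broad: opens every service on FWA's outside interface to any source.
! access-list OUTSIDE_IN extended permit ip any object FWA_OUTSIDE
!
! Restricted: only the peer, only IKE (UDP 500), NAT-T (UDP 4500) and ESP.
! On 8.3+ the ACL references the real address, not the translated one.
access-list OUTSIDE_IN extended permit udp object THIRD_PARTY_FW object FWA_OUTSIDE eq isakmp
access-list OUTSIDE_IN extended permit udp object THIRD_PARTY_FW object FWA_OUTSIDE eq 4500
access-list OUTSIDE_IN extended permit esp object THIRD_PARTY_FW object FWA_OUTSIDE
access-group OUTSIDE_IN in interface outside
!
! --- FWA ("1 internal FW") ---
! NAT traversal lets both peers detect the NAT and carry ESP inside UDP 4500.
crypto isakmp nat-traversal 20
!
! --- Third-party FW ---
! Its peer address for the tunnel is the translated address 203.0.113.10,
! never FWA's private address.
!
! --- Verification ---
! On the edge FW:  show xlate             (static entry for FWA_OUTSIDE)
! On FWA:          show crypto isakmp sa  (IKEv1) or show crypto ikev2 sa
```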
