Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
0
Helpful
3
Replies

Which IP address to give to Remote Client?

fullerthaler
Level 1
Level 1

‎09-27-2012 10:39 AM

I currently have two point to point VPN connections set up.  I gave one client the outside IP address of my firewall.  I gave the other client the IP address that shows up when I go to www.whatismyipaddress.com.  They are different IP addresses.  Why do they both work and is one better to use than the other?

Labels:
0 Helpful
3 Replies 3

Javier Portuguez
Level 9
Level 9

‎09-27-2012 11:04 AM

Hi,

Indeed your problem description is interesting.

You may have something like this:

LAN ------ ASA / Router ---------------------------------- ISP

                                   1.1.1.2             1.1.1.1

So, the VPN endpoint has its own public IP address, which is somehow translated by your ISP (hopefully a one-to-one translation). So, if you go to "www.whatismyipaddress.com" it shows the last / current NAT IP, which is your ISP's IP.

Assuming that the ISP has a one-to-one translation for your FW, it does not really matter pointing to one or the other, except for the fact that the one pointing to the ISP's IP will require NAT-T (since there is a NAT translation in the middle), but it should not affect the VPN performance at all.

Keep me posted.

Portu.

Please rate any helpful posts.

0 Helpful

fullerthaler
Level 1
Level 1
In response to Javier Portuguez

‎09-27-2012 11:40 AM

Our network looks like this:

LAN--------------ASA------------WAN Load Balancer---------------ISP1 & ISP2

So all traffic goes through the load balancer first, IP addresses are translated then sent to firewall.

I am still not clear which IP address I should give to the remote client to use for point to point vpn connection -

the one that is configured as the outside of the firewall or the one that shows up when you go to

www.whatismyipaddress.com.   They are both working, but is one more secure than the other?

0 Helpful

Javier Portuguez
Level 9
Level 9
In response to fullerthaler

‎09-27-2012 11:49 AM

If the IP address of the FW is public (which I think it is), then have them point to it, it is more secure since they all point to to the same IP (so you avoid the fact to maintain different configurations), also, I have seen some issues with VPN and load-balancer devices, so you could avoid them.

Thanks.

Portu.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents