03-23-2010 05:58 AM
Hi,
We have got two offices in locations A and B and we have a site-to-site VPN between the offices. We have a situation in which a piece of software will get updated only if we go from location B's public IP. I need the same software to be updated from location A also. Is it possible for me to route a particular IP (the place where the software update is available) through location B from location A via the site-to-site VPN?
Any help is very much appreciated
Thanks in advance,
- Ribin
03-23-2010 08:38 AM
No replies?
- Ribin
03-24-2010 06:35 AM
Is there any solution for this? I am not sure whether this could even be done... Please help me on this...
- Ribin
03-24-2010 09:15 AM
Routing the public IP through the VPN tunnel will not work because it is not in your VPN encryption domain.
You will have to do policy-based NAT at site B and site A.
And then add the public IP to the encryption domain at sites A and B.
But this will complicate your setup and would require a lot of changes at both ends.
An alternative, easier option would be to use a proxy server (like squid) at site A, so that users at site B can use the proxy to get the software updates.
03-24-2010 09:42 AM
Thanks a ton for the response.
Yes, I am aware of the proxy server method. But I need to do this independently of a proxy. Can you explain the first step?
- Ribin
03-26-2010 04:23 AM
Dear Ribin,
Can you explain what you mean by updating software from location B's public IP? I mean, where is this software? At location A or B? A diagram will certainly help here :-)
03-26-2010 04:50 AM
Please advise what device is your VPN termination point.
03-26-2010 04:58 AM
Hi,
The VPN is terminated on a Cisco 2811 router in location A and on a Cisco 871/Cisco 2801 in location B (configured on both routers; either of the two will do the job for me).
By updating software from location B's public IP, I mean that I need to access a website from location A using location B's public IP. (Route traffic to that website from location A to location B via the VPN, so that I hit the website with location B's public IP.)
- Ribin
03-26-2010 05:03 AM
Dear Ribin, now it is clearer. Sorry if it's a bother, but can you repeat what you actually want now :-) ?
Currently you have software that gets updated from a website only when accessed from location B's IP? Is that correct?
The picture I have is: you have internet at locations A and B, and you have a dedicated link between both these locations.
Correct me if I am wrong anywhere.
03-26-2010 05:12 AM
My mistake, there doesn't seem to be an internet connection at location A. :-)
It actually depends on routing. You need to do (and verify) the following:
1) The software IP can reach the website through either a static or a default route. Make sure the router at location A has an appropriate route to reach this website (either static or default).
2) You must be doing NAT, so add the IP of this software to the NAT statement (probably an access-list) so that it can now reach the internet.
3) Make sure you have a return route from location B to location A for this software IP.
If the above parts are in place, then it's quite easy :-)
03-26-2010 05:53 AM
I have an Internet connection in location A and in location B. I have set up a site-to-site VPN to connect these offices.
- Ribin
03-26-2010 05:04 AM
If it's a router, then it's easy.
Just add crypto ACL as follows:
On location A:
- permit ip
On location B:
- permit ip host
Hope that helps.
03-26-2010 05:48 AM
Hi,
No luck. I am getting hits on the crypto ACL in location A, but I am not able to pull the site.
Just to clarify, what do you mean by "public-ip-of-server-B" in your explanation? ... I guess it is the public IP of the site which I need to reach via location B's public IP.
- Ribin
03-26-2010 06:18 AM
Hi,
In fact, when I ping the website from location A, I get hits on the crypto ACLs in both location A and location B.
Below are my crypto ACLs in locations A and B.
In Location A,
permit ip 192.168.11.0 0.0.0.255 host
In Location B,
permit ip host
- Ribin
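Added example, not part of any poster's message: IPsec only brings up a matching security association when the crypto ACL entries at the two peers are mirror images, so one thing worth verifying for the ACL pair discussed above is that every entry at one site has its reverse at the other. The Python check below parses IOS-style `permit ip` entries; the site B LAN (192.168.20.0/24) and the website address (203.0.113.10) are constructed placeholders, not values from the thread.

```python
import ipaddress

def parse_selector(tokens):
    """Consume one address selector (any | host X | NET WILDCARD) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = ipaddress.ip_address(tokens.pop(0))
    # IOS ACLs use wildcard (inverse) masks; flip the bits to get a netmask.
    netmask = ipaddress.ip_address(int(wildcard) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{netmask}")

def parse_entry(line):
    """Parse 'permit ip <src> <dst>' into a (source, destination) network pair."""
    tokens = line.split()
    if tokens[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported crypto ACL entry: {line!r}")
    rest = tokens[2:]
    src = parse_selector(rest)
    dst = parse_selector(rest)
    if rest:
        raise ValueError(f"trailing tokens in entry: {line!r}")
    return src, dst

def unmirrored(acl_a, acl_b):
    """Return (missing_at_a, missing_at_b): entries whose reverse is absent at the peer."""
    a = {parse_entry(line) for line in acl_a}
    b = {parse_entry(line) for line in acl_b}
    missing_at_b = sorted(a - {(dst, src) for src, dst in b})
    missing_at_a = sorted(b - {(dst, src) for src, dst in a})
    return missing_at_a, missing_at_b

# Constructed sample ACLs (placeholder addresses, see lead-in).
SITE_A = ["permit ip 192.168.11.0 0.0.0.255 192.168.20.0 0.0.0.255",
          "permit ip 192.168.11.0 0.0.0.255 host 203.0.113.10"]
SITE_B = ["permit ip 192.168.20.0 0.0.0.255 192.168.11.0 0.0.0.255",
          "permit ip host 203.0.113.10 192.168.11.0 0.0.0.255"]

if __name__ == "__main__":
    missing_a, missing_b = unmirrored(SITE_A, SITE_B)
    print("entries site A still needs (as seen from B):", missing_a)
    print("entries site B still needs (as seen from A):", missing_b)
```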
03-30-2010 08:15 AM
Any solution to my problem?
- Ribin