Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
269
Views
0
Helpful
1
Replies

Site 2 site VPN Device Behind a Firewall

saroj pradhan
Level 1
Level 1

‎11-23-2015 06:28 AM

Hello  Team,

can  you  please  help  me  to understand, if the  Site-A  VPN device is  Internat  facing and  Site-B VPN Device is  Behind another Firewall .

The outside interface of the Site-B VPN device is NAT with  Firewall.  Can the Site 2 site VPN works in this setup. Please guide.

    Site-A ------------------------------------------------------------------------Site-B

    Firewall VPN >-----internet ------------------------------------------------Internet < Firewall --- Firewall  VPN

Regards,

Saroj P

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-23-2015 12:45 PM

That should work if both VPN-devices are of a recent firmware-version.

  1. If Site-B has a fixed IP, then make sure you forward and allow all UDP/500 and UDP/4500 traffic to the VPN-firewall. The Site-A firewall has to use the public IP of the internet-firewall as the peer.
  2. If the Site-B has a dynamic IP, then it still works, but the Site-B VPN-firewall has to initiate the VPN-connection.
0 Helpful
Customers Also Viewed These Support Documents