Site to site IPsec VPN

Stephen Sisson
Level 1

Hello everyone.

Need some help with a request we received this morning for adding a new site to site IPsec VPN.

The company connecting to our network has requested two public IPs from us for making the VPN connection. I was led to believe all VPNs need one Peer address that connects to the far end of the VPN, then we have the LAN to LAN connect.

Is there a way to set up the Cisco ASA firewall to use two public IPs, with one for the Public Peer address and the other one for the Host server? If so, how do you configure the Network Object, ACL, NAT settings? I've always used the one public IP for the Peer address then allow them to connect to a server on the LAN using a private address.

I really need your expertise to understand if this information they gave me is possible and how to configure this to use two Public IPs, one for the Peer address and the other one on the Host Server.

Thank you

16 Replies

You provided that IP address in an earlier post in this discussion and associated that address with your inside LAN. When I provided my suggested solution I tried to explain clearly what I was using that address to represent when I said "Let me suggest an example of how it could be configured, assuming that 192.168.127.54 is the private IP of your server".

It appears that what you have in your config at this point is an object-group which does not have a network-object to supply the IP address for the group. What you need to do is to configure the Private IP address of your server in the network-object statement for this object-group.

HTH

Rick


Richard Burts
Hall of Fame

It is not entirely clear what they are asking for when they ask for 2 Public IPs. I have worked with customers who use 2 Public IPs because they have 2 VPN devices which are configured to provide failover/redundancy. And I have worked with customers who want a site to site VPN set up where the server on the inside is assumed to have a Public IP. Perhaps the server really does have a Public IP or perhaps the server has a private IP and for the VPN you do an address translation so that for the VPN the server appears as a Public IP. Can you clarify which of these you need - or perhaps what you need is something different from either of these?

HTH

Rick

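The second case described in the reply above (a server with a private IP that is translated so it appears as a public IP inside the tunnel), sketched as ASA 8.3+ configuration. This is an added example, not configuration posted in the thread: 192.168.127.54 is the server address quoted in the discussion, while 203.0.113.10, 198.51.100.0/24, 192.0.2.1 and all object, ACL and crypto map names are constructed placeholders.

```cisco
! Real (private) address of the server, as quoted in the thread
object network SRV-REAL
 host 192.168.127.54
! Second public IP: the address the partner will see for the server (placeholder)
object network SRV-VPN-PUBLIC
 host 203.0.113.10
! Partner's protected network behind their VPN device (placeholder)
object network PARTNER-LAN
 subnet 198.51.100.0 255.255.255.0
!
! An object-group must contain at least one member to match anything;
! a group with no network-object line is empty
object-group network VPN-LOCAL
 network-object object SRV-VPN-PUBLIC
!
! Twice NAT: translate the server to the public address only when the
! destination is the partner LAN, so the mapping is not exposed to other traffic
nat (inside,outside) source static SRV-REAL SRV-VPN-PUBLIC destination static PARTNER-LAN PARTNER-LAN
!
! Crypto ACL: NAT is applied before encryption, so the interesting traffic
! is matched on the translated (public) source address, not 192.168.127.54
access-list PARTNER-CRYPTO extended permit ip object-group VPN-LOCAL object PARTNER-LAN
!
! First public IP: the ASA outside interface address is the tunnel peer
! the partner points at. The partner's peer address below is a placeholder.
crypto map OUTSIDE-MAP 10 match address PARTNER-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 192.0.2.1
! IKE policy, transform-set/proposal and tunnel-group lines are the same
! as for a tunnel that uses a private server address and are not shown
```

Restricting the crypto ACL to the single translated host, rather than the whole inside subnet, keeps the partner's reach limited to the one server they were given. `show nat detail` and `show crypto ipsec sa` confirm that the translation and the tunnel's local identity both show the public address.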