cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1059
Views
5
Helpful
3
Replies

Site to Site VPN

sprocket10
Level 2
Level 2

I have done many site to site VPNs but I am hitting a mental block with this setup, where the remote firewall is behind a router and shares the external IP with many sites.

 

I prefer ADSM for configuration.

(I will use fake external IPs in my example)

 

Site A (standard setup)

 - Public IP 1.1.1.1

- Private IP 172.16.1.0/24

 

 

Site B (behind router)

- Public IP 2.2.2.2

- Firewall IP 192.168.1.22

- Private IP 172.17.1.0/24

 

 

I would usually configure the peer IP as the public IP and the remote network as the private IP, but obviously this isnt the case here.

1 Accepted Solution

Accepted Solutions

share external IP but not share Port.
config PAT for UDP port 500 and 4500 and then you can use external IP of remote FW. 

View solution in original post

3 Replies 3

johnd2310
Level 8
Level 8

Hi,

Is the remote firewall behind a nat device? Are you setting up vpn through a nat device?

 

Thanks

John

**Please rate posts you find helpful**

The remote firewall is for a cloud service, so using my example, public IP 2.2.2.2 could be used by many other customers connecting in.

Our private firewall IP is 192.168.1.22

 

I have been given an example from a remote Watchguard.

Remote gateway IP for tunnel 2.2.2.2, remote gateway id for tunnel authentication 192.168.1.22

share external IP but not share Port.
config PAT for UDP port 500 and 4500 and then you can use external IP of remote FW.