04-22-2022 05:06 AM
I have done many site-to-site VPNs, but I am hitting a mental block with this setup, where the remote firewall is behind a router and shares the external IP with many sites.
I prefer ASDM for configuration.
(I will use fake external IPs in my example)
Site A (standard setup)
- Public IP 1.1.1.1
- Private IP 172.16.1.0/24
Site B (behind router)
- Public IP 2.2.2.2
- Firewall IP 192.168.1.22
- Private IP 172.17.1.0/24
I would usually configure the peer IP as the public IP and the remote network as the private IP, but obviously this isn't the case here.
04-22-2022 06:02 AM
Hi,
Is the remote firewall behind a NAT device? Are you setting up the VPN through a NAT device?
Thanks
John
04-22-2022 06:10 AM - edited 04-22-2022 07:02 AM
The remote firewall is for a cloud service, so using my example, public IP 2.2.2.2 could be used by many other customers connecting in.
Our private firewall IP is 192.168.1.22.
I have been given an example from a remote WatchGuard.
Remote gateway IP for tunnel: 2.2.2.2; remote gateway ID for tunnel authentication: 192.168.1.22
04-22-2022 08:12 AM
Share external IP but not share port.
Config PAT for UDP ports 500 and 4500, and then you can use the external IP of the remote FW.