931 Views | 5 Helpful | 3 Replies

VPN Internal Subnets to Public Subnets between 2 FWs

dogiii
Level 1

Hi guys,

 

I have a problem. I am trying to configure a VPN between 2 remote sites. One is our ASA and the other is a Stormshield. Our ASA has a public IP address and behind it are some internal IP addresses. The remote site has a Stormshield FW with a public IP address and behind that are more PUBLIC IP subnets. What our customer wants is to be able to communicate through a VPN between those 2 FWs. So if they want to communicate from an IP address of 10.1.1.1 to a public IP address 192.1.1.1, it should go through the VPN. I would set up the tunnel and the IPsec so the external IP addresses of the FWs are only in the crypto map "ACL". But how do I make these internal IP addresses communicate with the external IP addresses behind the FW? With routing? Is there a way to route these specifically through the VPN? I am sorry if I sound confused, because I am a bit. Let me know what you guys need if you have a suggestion. Thank you!

Accepted Solution

Bogdan Nita
VIP Alumni

If the traffic matches the crypto ACL it will be encrypted and sent over the VPN tunnel.

If the traffic does not match the crypto acl it will be sent unencrypted by the FW.

It does not matter if the IPs are public or private.

In both cases you need to have the routing configured to point to the right interface (in your case I believe the outside interface).

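The ASA side of what the accepted answer describes, as an added example that is not part of the thread: the crypto ACL decides what gets encrypted, identity NAT keeps the internal source untranslated so the flow still matches that ACL, and a route via the outside interface gets the packet to the crypto map. It assumes ASA 8.3+ syntax, IKEv1, a local LAN of 10.1.1.0/24 and a remote public subnet of 192.1.1.0/24 (both /24s constructed around the hosts the OP named), and placeholder peer and gateway addresses.

```cisco
! Added example, not from the thread. Assumptions: ASA 8.3+ syntax, IKEv1,
! 10.1.1.0/24 on "inside", 192.1.1.0/24 behind the Stormshield (both /24s are
! constructed from the hosts the OP named), placeholder peer and gateway IPs.

! Objects for the two ends of the protected traffic
object network LOCAL-LAN
 subnet 10.1.1.0 255.255.255.0
object network REMOTE-PUBLIC
 subnet 192.1.1.0 255.255.255.0

! Crypto ACL: only flows matching this are encrypted. Any internal-to-remote
! flow NOT listed here is forwarded out of "outside" in cleartext, so every
! pair that must be protected has to appear in this ACL, public or private.
access-list VPN-TO-STORMSHIELD extended permit ip object LOCAL-LAN object REMOTE-PUBLIC

! Identity NAT: without it the 10.1.1.x source is translated to the outside
! address before the crypto map is checked, and the flow no longer matches.
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-PUBLIC REMOTE-PUBLIC no-proxy-arp route-lookup

! Routing: the remote public subnet must be reachable via the outside interface.
! The default route covers it here; a specific /24 route would do the same.
! 203.0.113.1 is a placeholder ISP gateway.
route outside 0.0.0.0 0.0.0.0 203.0.113.1

! IKEv1 phase 1 (198.51.100.2 is a placeholder Stormshield public IP)
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 ikev1 pre-shared-key REPLACE-WITH-STRONG-PSK

! IKEv1 phase 2 and the crypto map bound to the outside interface
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-STORMSHIELD
crypto map OUTSIDE-MAP 10 set peer 198.51.100.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
```

To confirm traffic is actually taking the tunnel rather than leaving in cleartext, check that `show crypto ipsec sa` lists an SA for the 10.1.1.0/24 to 192.1.1.0/24 pair with rising encaps/decaps counters after a test ping from the inside host.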

3 Replies


Well, are they going to be able to communicate with each other? Since these are public IP addresses and those are internal IP addresses...

Yes, they will be able to communicate.