Firewall Wizards mailing list archives

Re: Site to siteVPN between public ip and private ip

From: "Horvath, Kevin M." <KEVIN.M.HORVATH () saic com>
Date: Tue, 30 May 2006 09:51:43 -0400

The first assumption here is that you are referring to a site to site vpn so
the short answer is No.  It has to be a routable address.  Your CA office
provider will have to NAT your 10 net address to a publicly routable
address.  Even then depending on the device that is doing the NAT it might
not even work, because NATing IPSec is not a desirable scenario.

 

What you should do is set up a client to site vpn which will allow any user
with the correct vpn profile and vpn software to connect to your vpn
endpoint (assuming NYC HQ).  Set up ipsec tunneling using tcp (you pick the
port) on the head end and then configure the client side profiles
accordingly.  Then you can just distribute the software with the profiles
preloaded and then they are set.  

 

  _____  

From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Ratna
Thurairatnam
Sent: Sunday, May 28, 2006 4:47 PM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Site to siteVPN between public ip and private ip

 

We have HQ in NYC and a remote office in CA, the users in CA office in
another companies's network(landloard is providing internet connection).

At present our CA user's PC are getting NATed ip (10.0.10.*) from landload's
network to connect to internet then they are using RDP to connect our NYC
office..

We have now bought a program which is not support to run on TS, so we now
have to giveup the TS and find the way to connect the CA to NYC. 

 

We now want to setup VPN.

is it possible to setup VPN, if our CA pix get private ip for it's external
interface?

thank you for your help in Advance.

Mutthu

 

 

  _____  

Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
<http://us.rd.yahoo.com/mail_us/taglines/postman7/*http:/us.rd.yahoo.com/evt
=39666/*http:/messenger.yahoo.com>  rates starting at 1¢/min.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Site to siteVPN between public ip and private ip Ratna Thurairatnam (May 28)
- Re: Site to siteVPN between public ip and private ip Ben Nagy (May 30)
- Re: Site to siteVPN between public ip and private ip Sanford Reed (May 31)
- <Possible follow-ups>
- Re: Site to siteVPN between public ip and private ip David Swafford (May 29)
- Re: Site to siteVPN between public ip and private ip Horvath, Kevin M. (May 30)