Posted by Newbie72 on November 5, 2007, 1:02 pm
> Newbie72 wrote:
> > wrote:
> >> I have been asked to set up a site-to-site VPN tunnel using IPSEC.
> >> Building the tunnel is not an issue for me. However, the folks at the
> >> remote site are requiring that we provide a public IP address for our
> >> local host, which they will be connecting to. I have searched the
> >> cisco.com site and have not found an easily explained solution. The
> >> remote site wants a configuration similar to below
>
> >> Remote Site VPN End Point: 1.1.1.1
> >> Host IP Address at remote site 2.2.2.1 and 2.2.2.2
>
> >> Our site
> >> VPN End Point: 3.3.3.3
> >> Local Host which will be tunneling traffic: They are requiring this to
> >> be a public ip. Currently we use RFC-1918 addresses which means we
> >> will have to translate a public address to our private host addresses.
>
> >> Can I simply set up a static NAT statement which translates the public
> >> address to our private address as we are only using one host on our
> >> side? Then do I set "match address" to the public IP?
>
> >> Thanks,
> >> Steve J
>
> > Anybody got any suggestions?
>
> This is a lot easier than most people think. Just nat the inside to an
> external IP.
>
> static (inside,outside) 4.4.4.4 3.3.3.3 netmask 255.255.255.255
>
> And then when you configure the ACLs for the VPN use the 4.4.4.4 as the
> host on your side. And do not configure a NoNat ACL.
>
> That's it.
>
> Scott

I should have gone back and closed this thread. You are right though.
It ended up being a lot easier than I thought.
I ran out of time and threw caution to the wind a week or 2 ago and did
just as you suggested and it now works flawlessly. Thanks for the
reply.
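
An added example, not part of the thread: a small Python check over a PIX/ASA-style configuration for the two mistakes the advice above rules out, namely a crypto ACL that matches the private address instead of the translated one, and a NAT exemption ACL that covers the host. The pre-8.3 command syntax, the ACL and crypto map names, and the private address 10.0.0.10 are assumptions; the other addresses are the thread's placeholders.

```python
import re

# Constructed sample configs (pre-8.3 PIX/ASA syntax assumed).
# 10.0.0.10 is a hypothetical private host behind the firewall.
SAMPLE_GOOD = """\
static (inside,outside) 4.4.4.4 10.0.0.10 netmask 255.255.255.255
access-list VPN extended permit ip host 4.4.4.4 host 2.2.2.1
access-list VPN extended permit ip host 4.4.4.4 host 2.2.2.2
crypto map OUTSIDE_MAP 10 match address VPN
crypto map OUTSIDE_MAP 10 set peer 1.1.1.1
"""

SAMPLE_BAD = """\
static (inside,outside) 4.4.4.4 10.0.0.10 netmask 255.255.255.255
access-list NONAT extended permit ip host 10.0.0.10 host 2.2.2.1
nat (inside) 0 access-list NONAT
access-list VPN extended permit ip host 10.0.0.10 host 2.2.2.1
crypto map OUTSIDE_MAP 10 match address VPN
"""

def lint(config):
    """Return findings for host statics whose traffic is meant to enter a tunnel."""
    # (mapped, real) pairs from host-level static NAT statements
    statics = re.findall(
        r"^static \(\w+,\w+\) (\S+) (\S+) netmask 255\.255\.255\.255",
        config, re.M)
    # ACL name -> set of source hosts it permits
    acl_src = {}
    for name, src in re.findall(
            r"^access-list (\S+) (?:extended )?permit ip host (\S+) ",
            config, re.M):
        acl_src.setdefault(name, set()).add(src)
    crypto_acls = set(re.findall(
        r"^crypto map \S+ \d+ match address (\S+)", config, re.M))
    nonat_acls = set(re.findall(
        r"^nat \(\w+\) 0 access-list (\S+)", config, re.M))

    findings = []
    for mapped, real in statics:
        # NAT runs before the crypto ACL is evaluated, so the ACL must
        # name the translated (public) source, not the real one.
        for acl in sorted(crypto_acls):
            if real in acl_src.get(acl, set()):
                findings.append(
                    f"crypto ACL {acl} matches real address {real}; use {mapped}")
        # A NAT exemption takes precedence over the static translation.
        for acl in sorted(nonat_acls):
            if real in acl_src.get(acl, set()):
                findings.append(
                    f"NAT exemption ACL {acl} covers {real}; static to {mapped} is bypassed")
    return findings
```
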