Point-to-Point VPN through a NATed ADSL Modem

20 pts.
Tags:
ASA
PIX
Through NAT ADSL Modems
VPN
Greetings, I am trying to setup a Point-to-point vpn tunnel using the Cisco Pix ASA. Here is the scenario: One location got a ASA connected to a Cable modem which assigns its Public IP (static) address directly to the ASA. On the other Location the other ASA is connected to an ADSL Modem which do NATing hence, it get a private ip address on the asa interface (but got net access & a static Public IP) Question is... Can the this ASA establish the vpn without having the Public IP address on its Interface? or can the tunnel go through a NATed modem or does it have to be in bridged Mode Anyone experienced in Cisco PiX ASA.. Any thoughts on this is much apprciated Thank you

Answer Wiki

Thanks. We'll let you know when a new response is added.

If you control the NAT, you should be able to configure an outward-facing IP address that connects to the desired internal opposite end node address. You may have to use a port number assignment to differentiate VPN packets, much as a mail exchange (MX) packet can be redirected across a firewall.

If your NATted modem is not that flexible, you may be at a loss for doing VPN. But the bottom line here is you must choose how to differentiate VPN packets, readdress them (if needed) and send them inside to the correct internal (10.x.x.x/192.168.x.x private) address.

Bridging is not a concept that plays well with private address spaces because the private address space is what you are trying to keep protected by NAT.

Please give us the answer you adopted so this four year old question can be closed.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following