 Point-to-Point VPN through a NATed ADSL Modem
Greetings, I am trying to set up a point-to-point VPN tunnel using the Cisco PIX ASA. Here is the scenario: One location has an ASA connected to a cable modem, which assigns its public IP (static) address directly to the ASA. At the other location, the other ASA is connected to an ADSL modem which does NAT; hence, it gets a private IP address on the ASA interface (but has net access and a static public IP).

The question is: can this ASA establish the VPN without having the public IP address on its interface? Can the tunnel go through a NATed modem, or does it have to be in bridged mode?

Anyone experienced in Cisco PIX ASA? Any thoughts on this are much appreciated. Thank you.

ASKED: February 1, 2008  8:03 PM
UPDATED: June 8, 2012  2:24 AM

Answer Wiki:
If you control the NAT, you should be able to configure an outward-facing IP address that connects to the desired internal opposite end node address. You may have to use a port number assignment to differentiate VPN packets, much as a mail exchange (MX) packet can be redirected across a firewall. If your NATted modem is not that flexible, you may be at a loss for doing VPN.

But the bottom line here is you must choose how to differentiate VPN packets, readdress them (if needed) and send them inside to the correct internal (10.x.x.x/192.168.x.x private) address. Bridging is not a concept that plays well with private address spaces because the private address space is what you are trying to keep protected by NAT.

Please give us the answer you adopted so this four-year-old question can be closed.
Last Wiki Answer Submitted:  June 8, 2012  2:24 am  by  ShawnHendricks   1,590 pts.
All Answer Wiki Contributors:  ShawnHendricks   1,590 pts.
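
The answer's point about differentiating VPN packets and readdressing them to the inside address, as an added example that is not part of the original answer. It assumes an IPsec tunnel initiated by the remote peer, where IKE is UDP/500, ESP is IP protocol 50 (no port numbers), and NAT traversal carries both over UDP/4500; the rule table layout and addresses are constructed.

```python
# Added example: audit a NAT modem's forward table for inbound IPsec pass-through.
# Addresses and the rule layout are constructed; real modems use their own syntax.
UDP, ESP = 17, 50            # IP protocol numbers
IKE, NAT_T = 500, 4500       # UDP ports: IKE, and IKE/ESP-in-UDP (NAT traversal)


def forward(rules, proto, dport=None):
    """Return the inside address a packet is readdressed to, or None if dropped.

    rules: list of (proto, dport_or_None, inside_ip); dport None = whole protocol.
    """
    for r_proto, r_port, inside in rules:
        if r_proto == proto and r_port in (None, dport):
            return inside
    return None


def tunnel_reachable(rules, asa_ip, nat_t):
    """Can the remote peer's IPsec traffic reach the ASA at asa_ip?"""
    needed = [(UDP, IKE)]
    # With NAT-T the data path is ESP wrapped in UDP/4500; without it, raw ESP,
    # which a port-based forward rule cannot match because ESP has no ports.
    needed.append((UDP, NAT_T) if nat_t else (ESP, None))
    return all(forward(rules, p, port) == asa_ip for p, port in needed)


ASA = "192.168.1.2"  # constructed private address on the ASA's outside interface
port_only = [(UDP, IKE, ASA), (UDP, NAT_T, ASA)]  # modem that forwards ports only
with_esp = [(UDP, IKE, ASA), (ESP, None, ASA)]    # modem that can forward a protocol

if __name__ == "__main__":
    for name, rules in (("port_only", port_only), ("with_esp", with_esp)):
        for nat_t in (False, True):
            mode = "nat_t" if nat_t else "raw_esp"
            print(name, mode, tunnel_reachable(rules, ASA, nat_t))
```

A modem that can only forward ports passes the tunnel only when both ASAs use NAT traversal; raw ESP needs a modem that can forward a whole IP protocol to the inside address.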

