mailing list archives
Re: Site to siteVPN between public ip and private ip
From: "Horvath, Kevin M." <KEVIN.M.HORVATH () saic com>
Date: Tue, 30 May 2006 09:51:43 -0400
The first assumption here is that you are referring to a site to site vpn so
the short answer is No. It has to be a routable address. Your CA office
provider will have to NAT your 10 net address to a publicly routable
address. Even then depending on the device that is doing the NAT it might
not even work, because NATing IPSec is not a desirable scenario.
What you should do is set up a client to site vpn which will allow any user
with the correct vpn profile and vpn software to connect to your vpn
endpoint (assuming NYC HQ). Set up ipsec tunneling using tcp (you pick the
port) on the head end and then configure the client side profiles
accordingly. Then you can just distribute the software with the profiles
preloaded and then they are set.
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Ratna
Sent: Sunday, May 28, 2006 4:47 PM
To: firewall-wizards () listserv icsalabs com
Subject: [fw-wiz] Site to siteVPN between public ip and private ip
We have HQ in NYC and a remote office in CA, the users in CA office in
another companies's network(landloard is providing internet connection).
At present our CA user's PC are getting NATed ip (10.0.10.*) from landload's
network to connect to internet then they are using RDP to connect our NYC
We have now bought a program which is not support to run on TS, so we now
have to giveup the TS and find the way to connect the CA to NYC.
We now want to setup VPN.
is it possible to setup VPN, if our CA pix get private ip for it's external
thank you for your help in Advance.
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
=39666/*http:/messenger.yahoo.com> rates starting at 1¢/min.
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com