Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2474 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site VPN with Cisco using Public IP

PaulSnyder
I am setting up an IPSec VPN with a Cisco VPN on the other end and it is a requirement for us to use public IPs on the tunnel. So, essentially, the public IPs would not be accessible unless they are coming through the VPN tunnel. This setup is allowed using a Cisco VPN but I am not able to figure out how to set it up using Asatro. Astaro is also configured to do NAT for another set of IP range. Any help is appreciated.


This thread was automatically locked due to age.
Parents
  • 0
    Those all look like public IPs.  If they aren't, please edit your post and change to 172.16.x.y for private IPs.  Also, is "VPNLocalNet" short for 'Local networks' in the 'IPsec Connection' definition?, and is 101.x.x.x/28 an actual network connected to a UTM interface, or is it the public range that we want to SNAT from?

    If I have understood correctly, then put 201.y.y.y/16, 202.y.y.y/16 and 202.y.y.y/23 into a Group named "RemoteNets" and the rule would look like:

    SNAT : Internal (Network) -> Any -> RemoteNets : from {101.x.x.x}



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Those all look like public IPs.  If they aren't, please edit your post and change to 172.16.x.y for private IPs.  Also, is "VPNLocalNet" short for 'Local networks' in the 'IPsec Connection' definition?, and is 101.x.x.x/28 an actual network connected to a UTM interface, or is it the public range that we want to SNAT from?

    If I have understood correctly, then put 201.y.y.y/16, 202.y.y.y/16 and 202.y.y.y/23 into a Group named "RemoteNets" and the rule would look like:

    SNAT : Internal (Network) -> Any -> RemoteNets : from {101.x.x.x}



    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML