Site to Site through Internet (Public IP to Private)


Hi,

I hope this isn't redundant. I tried to find this solution all over but couldn't.
Here’s what we got:

We have around 400 end users, not counting printers and other peripherals with IP addresses, and second PCs and laptops. We just upgraded our Ethernet backbone to two 6500 Core Cisco switches and 8 closets with 3750 stackables. We are using a User VLAN, Management VLAN and Firewall VLAN. We have another 2600 series router going out to an Agency Router, which is connecting us to our offsite remote location. We have public IPs for everything. We thought about using private inside, but it would be a lot more work than we wanted to do this time around.

Here’s what we would like to do. I do almost all of the research here for networking, and I am not an expert. In our remote site, we only have about 5 servers with Public IPs, and there is another 2600 router which is connecting this remote site to the agency router. Each server has an RSA adaptor card in it for Out Of Band Management. I want to configure the RSA adaptors with private IP addresses and be able to control them from here and the remote location as well, (from the public IP addresses). I played around with NAT and was able to get out from the private IP addresses, but cannot configure it to go from the public IP addresses to the private. The agency will not route a private IP address.

I have tried exploring VPN and could not figure out how to use it for this scenario. I need to go from our public IP, through the firewall, through the agency router, into the other firewall, through that router, then into a private IP, keeping the existing public IP for the servers. The Firewall guy doesn’t want to make a VPN with the firewall, and we cannot use a server because the RSA cards have to be accessible even when the servers are down.

Can this be done with just Cisco routers? Is there any documentation that gives step by step, or has been written for someone who has knowledge of Cisco, but is not an expert?

Thank you

[YOU] -> [Firewall] -> [RouterA] -> [Firewall] -> [RouterB] -> [Private IP]

Would forwarding all the required ports on the RouterB to the private IP address work? I'm still learning Cisco stuff myself, so... I'm not sure if this would work. :p

Reply to rgeist554

Yes, you can create an IPsec tunnel with routers provided you have the correct feature set. It's very common practice and very easy to set up.

Don't even worry about the devices in between. So long as it will pass the traffic, there's nothing you have to do to them.

Here's one configuration example.

http://www.cisco.com/en/US/docs/ro [...] pngre.html


Message edited by railgun1369 on 03-10-2008 at 02:26:53 AM
Reply to railgun1369
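
The router-to-router tunnel described in the reply above, sketched as an added Cisco IOS configuration (GRE protected by IPsec) that is not part of the thread or of the linked Cisco document. All addresses, interface names, ACL numbers, the `OOB-*` names and the key are constructed placeholders; it assumes both 2600s run a crypto-capable image that offers these algorithms, and that the firewalls and the agency router pass IKE (UDP 500) and ESP (IP protocol 50) between the two router addresses.

```cisco
! Added example; all addresses, names, ACL numbers and the key are placeholders.
! RouterA: WAN 192.0.2.1, admin hosts 203.0.113.16/28. RouterB: WAN 198.51.100.2, RSA cards 10.10.10.0/24.
! ===== RouterA (main site) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 198.51.100.2
crypto ipsec transform-set OOB-TS esp-aes 256 esp-sha-hmac
 mode transport
access-list 110 permit gre host 192.0.2.1 host 198.51.100.2
crypto map OOB-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set OOB-TS
 match address 110
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.2
interface Serial0/0
 crypto map OOB-MAP
ip route 10.10.10.0 255.255.255.0 Tunnel0
! ===== RouterB (remote site) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 192.0.2.1
crypto ipsec transform-set OOB-TS esp-aes 256 esp-sha-hmac
 mode transport
access-list 110 permit gre host 198.51.100.2 host 192.0.2.1
crypto map OOB-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set OOB-TS
 match address 110
! Only the admin hosts may reach the RSA cards; the implicit deny drops the rest
access-list 120 permit ip 203.0.113.16 0.0.0.15 10.10.10.0 0.0.0.255
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source 198.51.100.2
 tunnel destination 192.0.2.1
 ip access-group 120 in
interface Serial0/0
 crypto map OOB-MAP
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
ip route 203.0.113.16 255.255.255.240 Tunnel0
```

The agency network only ever sees ESP between the two public router addresses, so the private 10.10.10.0/24 subnet never has to be routed by it, and ACL 120 keeps the out-of-band cards reachable from the listed admin hosts only.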