
Site to Site through Internet (Public IP to Private)

Last response: in Toms Network
December 31, 2007 3:07:48 PM

Hi,

I hope this isn't redundant. I tried to find this solution all over but couldn't.
Here’s what we got:

We have around 400 end users, not counting printers and other peripherals with IP addresses, and second PCs and laptops. We just upgraded our Ethernet backbone to two 6500 Core Cisco switches and 8 closets with 3750 stackables. We are using a User VLAN, Management VLAN and Firewall VLAN. We have another 2600 series router going out to an Agency Router, which is connecting us to our offsite remote location. We have public IPs for everything. We thought about using private inside, but it would be a lot more work than we wanted to do this time around.

Here’s what we would like to do. I do almost all of the research here for networking, and I am not an expert. In our remote site, we only have about 5 servers with public IPs, and there is another 2600 router which is connecting this remote site to the agency router. Each server has an RSA adaptor card in it for out-of-band management. I want to configure the RSA adaptors with private IP addresses and be able to control them from here and the remote location as well (from the public IP addresses). I played around with NAT and was able to get out from the private IP addresses, but cannot configure it to go from the public IP addresses to the private. The agency will not route a private IP address.

I have tried exploring VPN and could not figure out how to use it for this scenario. I need to go from our public IP, through the firewall, through the agency router, into the other firewall, through that router, then into a private IP, keeping the existing public IP for the servers. The Firewall guy doesn’t want to make a VPN with the firewall, and we cannot use a server because the RSA cards have to be accessible even when the servers are down.

Can this be done with just Cisco routers? Is there any documentation that gives step by step, or has been written for someone who has knowledge of Cisco, but is not an expert?

Thank you
January 4, 2008 7:08:26 PM

[YOU] -> [Firewall] -> [RouterA] -> [Firewall] -> [RouterB] -> [Private IP]

Would forwarding all the required ports on RouterB to the private IP address work? I'm still learning Cisco stuff myself, so... I'm not sure if this would work. :p
March 10, 2008 12:25:35 AM

Yes, you can create an IPsec tunnel with routers provided you have the correct feature set. It's very common practice and very easy to set up.

Don't even worry about the devices in between. So long as it will pass the traffic, there's nothing you have to do to them.

Here's one configuration example.

http://www.cisco.com/en/US/docs/routers/access/1800/180...
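
The router-to-router IPsec tunnel suggested in the last reply, applied to the layout in the question, as an added example that is not part of the original thread or of the linked Cisco document. All addresses (documentation ranges), interface names, ACL and crypto map names, the 10.10.10.0/24 RSA subnet and the agency next hop are assumptions, as is an IOS image whose crypto feature set supports AES-256 and DH group 14.

```cisco
! ===== Main-site 2600 (all values below are constructed for illustration) =====
! Admin workstations: 192.0.2.0/28   Main WAN: 198.51.100.1
! Remote WAN: 203.0.113.1            RSA cards (private): 10.10.10.0/24
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
crypto ipsec transform-set RSA-TS esp-aes 256 esp-sha-hmac
! Crypto ACL: only the admin workstations enter the tunnel, not the whole user VLAN
ip access-list extended RSA-VPN
 permit ip 192.0.2.0 0.0.0.15 10.10.10.0 0.0.0.255
crypto map RSA-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set RSA-TS
 match address RSA-VPN
interface FastEthernet0/0
 crypto map RSA-MAP
! Send RSA-subnet traffic out the WAN interface so the crypto map encrypts it
! (198.51.100.2 stands in for the agency next hop)
ip route 10.10.10.0 255.255.255.0 198.51.100.2
!
! ===== Remote-site 2600 =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
crypto ipsec transform-set RSA-TS esp-aes 256 esp-sha-hmac
! Mirror image of the main-site crypto ACL
ip access-list extended RSA-VPN
 permit ip 10.10.10.0 0.0.0.255 192.0.2.0 0.0.0.15
crypto map RSA-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set RSA-TS
 match address RSA-VPN
interface FastEthernet0/0
 crypto map RSA-MAP
! Existing outbound NAT must skip tunnel traffic, or it is translated before encryption
ip access-list extended NAT-OUT
 deny ip 10.10.10.0 0.0.0.255 192.0.2.0 0.0.0.15
 permit ip 10.10.10.0 0.0.0.255 any
ip nat inside source list NAT-OUT interface FastEthernet0/0 overload
```

The firewalls and the agency router in the path only need to pass UDP 500 and ESP (IP protocol 50) between the two router WAN addresses, plus UDP 4500 if NAT traversal is negotiated; the private 10.10.10.0/24 addresses never appear outside the tunnel.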