site to site vpn - server to server (socket to socket) connection

eitan Posts: 9
edited April 2021 in Security

I need help with my next challenge, and that is to create a site-to-site VPN. It has to be what Cisco refers to as the extranet scenario. My partner's company and my company want to establish a site-to-site VPN between two servers. The VPN is to be restricted to only allow two servers (two sockets) to communicate securely across the internet. One server is at my company, the other at my partner's. We do not want to share subnets, etc.
I believe my peer IP is 209.183.24.195. I want to use 216.254.177.194 (which is my first usable public IP) as the VPN public IP for the server at my location; internally my server's address is 192.168.1.3. The port to use on my server will be 2111. No internal IPs will be visible between the two companies.
I will use 7.7.7.7 as my partner's peer public IP, and 6.6.6.6:2000 as the public IP and port of my partner's server.
Thank you in advance

All Replies

  • Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @eitan
    Your application is that you want 192.168.1.3:2111 to access the peer's internal device via 7.7.7.7, and 7.7.7.7 will actually map to the server IP 6.6.6.6:2000?
    Charlie

  • eitan Posts: 9
    yes
  • Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @eitan
    Regarding this case,
    you need to configure extra SNAT on the VPN page and policy routing on your own Palo Alto;
    here is an example (on Palo Alto):

    Here is a guide for your reference.
    SNAT on VPN environment
    Charlie
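A Linux equivalent of the two-socket design discussed in this thread, added here as an illustration and not a Zyxel or Palo Alto configuration from the post: strongSwan (swanctl.conf) carries the tunnel with /32 traffic selectors so only the two public host addresses are ever negotiated, and nftables does the SNAT/DNAT in front of IPsec so 192.168.1.3 is never seen by the partner. The addresses and ports are the ones eitan wrote (216.254.177.194, 192.168.1.3, port 2111, and the partner's 7.7.7.7 and 6.6.6.6:2000, which eitan chose as placeholders). Assumed, and not stated in the thread: the gateway is a Linux box that has 216.254.177.194 bound locally, each server opens connections to the other's listening port (2000 on the partner side, 2111 on ours), and the pre-shared key is a placeholder to be replaced.

```conf
# /etc/swanctl/swanctl.conf  (strongSwan 5.x, IKEv2, pre-shared key)
connections {
    partner {
        version = 2
        # our VPN public IP and the partner gateway, as given in the thread
        local_addrs  = 216.254.177.194
        remote_addrs = 7.7.7.7
        proposals = aes256-sha256-x25519
        local {
            auth = psk
            id = 216.254.177.194
        }
        remote {
            auth = psk
            id = 7.7.7.7
        }
        children {
            srv-to-srv {
                # Only the two public host addresses exist inside the tunnel,
                # so neither side learns the other's internal subnet.
                local_ts  = 216.254.177.194/32
                remote_ts = 6.6.6.6/32
                esp_proposals = aes256gcm16-x25519
                # install a trap policy: the tunnel comes up on the first matching packet
                start_action = trap
                dpd_action = restart
            }
        }
    }
}
secrets {
    ike-partner {
        id-1 = 216.254.177.194
        id-2 = 7.7.7.7
        # placeholder, not a real secret
        secret = "REPLACE-WITH-A-STRONG-SHARED-SECRET"
    }
}

# /etc/nftables.conf  (NAT is applied before IPsec; the kernel re-runs the
# XFRM policy lookup on the translated addresses, so the /32 selectors match)
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # inbound from the partner's server after ESP decapsulation:
        # only 216.254.177.194:2111 is published, the real host stays hidden
        ip saddr 6.6.6.6 ip daddr 216.254.177.194 tcp dport 2111 dnat to 192.168.1.3:2111
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # outbound from our server to theirs: hide 192.168.1.3 behind the public IP
        ip saddr 192.168.1.3 ip daddr 6.6.6.6 snat to 216.254.177.194
    }
}
table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # exactly two sockets may open connections across the tunnel
        # (destination already rewritten by the prerouting DNAT above)
        ip saddr 192.168.1.3 ip daddr 6.6.6.6 tcp dport 2000 accept
        ip saddr 6.6.6.6 ip daddr 192.168.1.3 tcp dport 2111 accept
    }
}
```

Load with `swanctl --load-all` and `nft -f /etc/nftables.conf`, then check `swanctl --list-sas` shows a CHILD_SA whose selectors are 216.254.177.194/32 and 6.6.6.6/32 and nothing wider. The partner mirrors this with its own gateway (7.7.7.7, or 209.183.24.195 if that is the real peer as eitan suspects), `local_ts = 6.6.6.6/32`, `remote_ts = 216.254.177.194/32`, and its own NAT in front of 6.6.6.6:2000. Because IPsec policies are installed for the selector, a cleartext packet claiming to come from 6.6.6.6 outside the tunnel fails the inbound policy check and never reaches the forward chain. The forward chain's drop policy also blocks any other forwarded traffic on this gateway, so add rules for it if the box does more than this tunnel.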
