site to site vpn - server to server (socket to socket) connection
I need help with my next challenge, which is to create a site-to-site VPN. It has to be what Cisco refers to as the extranet scenario. My partner's company and my company want to establish a site-to-site VPN between two servers. The VPN is to be restricted to only allow two servers (two sockets) to communicate securely across the internet: one server at my company, the other at my partner's. We do not want to share subnets, etc.
I believe my peer IP is 209.183.24.195. I want to use 216.254.177.194 (which is my first usable public IP) as the VPN public IP for the server at my location; internally my server's address is 192.168.1.3. The port to use on my server will be 2111. No internal IPs will be visible between the two companies.
I will use my partner's peer public IP as 7.7.7.7, and the public ip, and port, of my partner's server as 6.6.6.6:2000
Thank you in advance
All Replies
@eitan
Your application is that you want 192.168.1.3:2111 to be able to access the peer's internal device via 7.7.7.7, and 7.7.7.7 will actually map to the server IP 6.6.6.6:2000?
Charlie
yes
@eitan
Regarding this case,
you need to configure extra SNAT on the VPN page and policy routing on your own Palo Alto.
Here is an example (on Palo Alto):
Here is a guide for your reference:
SNAT on VPN environment
Charlie
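An added example, not part of the thread and not vendor configuration: a small Python check that a VPN rule meets the requirement stated in the question (one host and one port on each side, with the internal address hidden behind SNAT). The rule dictionary layout and the names `WANT` and `audit` are hypothetical; the addresses and ports are the ones quoted in the posts.

```python
from ipaddress import ip_network

# Addresses and ports are the ones given in the thread. The rule dictionary
# layout is hypothetical (an assumption, not a Zyxel or Palo Alto schema).
WANT = {"snat_from": "192.168.1.3/32",     # internal server that gets translated
        "local": "216.254.177.194/32",     # address the partner is allowed to see
        "remote": "6.6.6.6/32",            # partner server (placeholder from the post)
        "local_port": 2111, "remote_port": 2000}

def audit(rule):
    """Return a list of findings; an empty list means the rule meets the requirement."""
    findings = []
    # The address used inside the tunnel must not be an internal (RFC 1918) one.
    if ip_network(rule["local"]).is_private:
        findings.append("tunnel selector carries an internal address (SNAT missing)")
    # Every address field must be exactly one host, and the expected one.
    for name in ("snat_from", "local", "remote"):
        net = ip_network(rule[name])
        if net.num_addresses != 1:
            findings.append(f"{name} is wider than one host: {net}")
        elif net != ip_network(WANT[name]):
            findings.append(f"{name} is {net}, expected {WANT[name]}")
    # Ports must be pinned to the two sockets, never 'any'.
    for name in ("local_port", "remote_port"):
        if rule[name] != WANT[name]:
            findings.append(f"{name} is {rule[name]}, expected {WANT[name]}")
    return findings

# Constructed sample rules (not taken from any real device).
GOOD = dict(WANT)
TOO_BROAD = dict(WANT, snat_from="192.168.1.0/24", remote_port="any")
NO_SNAT = dict(WANT, local="192.168.1.3/32")

if __name__ == "__main__":
    for label, rule in (("good", GOOD), ("too broad", TOO_BROAD), ("no SNAT", NO_SNAT)):
        print(label, audit(rule) or "OK")
```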