Site to Site IPSEC VPN to tunnel ONLY external IP's

overworkedops
overworkedops used Ask the Experts™
on
Okay. So someone asked me..."i want to setup an IPSEC tunnel to encrypt public IP traffic btw two locations." so essentially, setting a site to site VPN not to private to private network but to two public ips.

On my end of things, i have a HTTP service running on IP-A. the Remote location is IP-B. So when HTTP requests originate from IP-B, traffic will be tunneled.

Does that make sense?!?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2006
Commented:
I don't see why you couldnt do this using the IP's as your "networks"

Because the traffic will obviously pass across the VPN devices either way


I.e IP_A --VPN Device --------VPN Device----IP_B
Keith AlabasterEnterprise Architect
Top Expert 2008

Commented:
An IPSEC VPN using the Internet is using public IP addresses to form the tunnel anyway, not private ones as the two endpoints need to be able to communicate across the link before the tunnel is created.

A secondary stage of the creation will define what traffic/ports will be allowed to pass across the vpn tunnel so yes, it makes sense.
Top Expert 2006

Commented:
Now if you are attempting to have the Webservers themselves be the VPN end points I would have to say no.. (I.e linux boxes also running Apache and something like OpenSwan) , since you did not provide any details on how you are planning to achieve the VPN connectivity..

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial