Solved

Site to Site IPSEC VPN to tunnel ONLY external IP's

Posted on 2006-10-20
3
220 Views
Last Modified: 2010-04-09
Okay. So someone asked me..."i want to setup an IPSEC tunnel to encrypt public IP traffic btw two locations." so essentially, setting a site to site VPN not to private to private network but to two public ips.

On my end of things, i have a HTTP service running on IP-A. the Remote location is IP-B. So when HTTP requests originate from IP-B, traffic will be tunneled.

Does that make sense?!?
0
Comment
Question by:overworkedops
  • 2
3 Comments
 
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
Comment Utility
I don't see why you couldnt do this using the IP's as your "networks"

Because the traffic will obviously pass across the VPN devices either way


I.e IP_A --VPN Device --------VPN Device----IP_B
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
An IPSEC VPN using the Internet is using public IP addresses to form the tunnel anyway, not private ones as the two endpoints need to be able to communicate across the link before the tunnel is created.

A secondary stage of the creation will define what traffic/ports will be allowed to pass across the vpn tunnel so yes, it makes sense.
0
 
LVL 11

Expert Comment

by:prueconsulting
Comment Utility
Now if you are attempting to have the Webservers themselves be the VPN end points I would have to say no.. (I.e linux boxes also running Apache and something like OpenSwan) , since you did not provide any details on how you are planning to achieve the VPN connectivity..
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now