asked on

Network routing VPN etc.

Have a customer in DK who have been sold to a company in FI. In Findland they want to offer some Intranet sites to the users in DK.

We then made a site-to-site VPN between the DK subnet 192.168.22.0 and the subnet in FI 10.45.105.0 and then some DNS so the users in DK can browse intranet sites in FI. That works.

But now the guys in FI wants the DK users to browse another site on an IP address of 194.x.x.x and they want me to make it work through the VPN. But how should that be possible? As far as I know a 194.x.x.x address is a public address and the firewall in DK will route it to the Internet and not through the VPN.

What can I do? Which information do I have to ask the guys in Finland?

Kurt Richter

It sounds like the folks in Finland are using public space that is not theirs -- a not too uncommon practice, though a bad idea.

You can do this. You need to do at least one, maybe two, or even three, things: 1) add the 194.x.x.x destination to your ACL that specifies interesting traffic; and 2) depending on how you are tunneling the traffic and what type of device you are using to create the VPN, you may need to add a route 194.x.x.x to point the traffic down the tunnel, 3) exempt the 194.x.x.x traffic from the NAT policy.

If you are just doing traditional ESP tunnel mode on a Cisco IOS or PIX/ASA platform, you only need to do the 1st and 3rd.

HTH

kr

TANGLAD

ASKER

Im using a Cisco Pix 501 with PDM interface only. Since I dont have the knowledge to use command line interface and telnet and things like that. But Im not that stupid at all, so if someone tells me how to configure this thing in command line way I can propably do it. The main thing in this scenario is that I think they are asking me to do something that is wrong or even impossible.

ASKER CERTIFIED SOLUTION

Kurt Richter

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial