<div>
Would these rules be needed on the &quot;destination firewall&quot;? &nbsp;Reason I ask is that the device is not under my control.
</div>


Would these rules be needed on the "destination firewall"?  Reason I ask is that the device is not under my control.

<div>
<div class="content wysiwyg-content">
Is it possible to establish a Site-to-Site VPN between two devices where one of them is behind a firewall? &nbsp;Here is the setup:<br />
<br />
&lt;datacenter firewall&gt; - Cisco PIX<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br />
{internet}<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br />
&lt;destination facility firewall&gt; - not in my control<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br />
10.x.x.x address<br />
&lt;my firewall device&gt; - most likely a juniper SSG or Cisco ASA<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br />
&lt;my equipment&gt;<br />
<br />
Basically, the firewall is in a facility and on a network with either a 10.x.x.x or 192.169.x.x address. &nbsp;Is it possible to establish a site-to-site VPN between my firewall device and the datacenter? &nbsp;I'm reading online about NAT Traversal, but I'm not sure that is what needs to be setup. &nbsp;I'm quite certain that the destination firewall (that is not in my control) is setup to allow VPN tunnels that are established from within.
</div>
</div>


Is it possible to establish a Site-to-Site VPN between two devices where one of them is behind a firewall?  Here is the setup:

<datacenter firewall> - Cisco PIX
	|
{internet}
	|
<destination facility firewall> - not in my control
	|
10.x.x.x address
<my firewall device> - most likely a juniper SSG or Cisco ASA
	|
<my equipment>

Basically, the firewall is in a facility and on a network with either a 10.x.x.x or 192.169.x.x address.  Is it possible to establish a site-to-site VPN between my firewall device and the datacenter?  I'm reading online about NAT Traversal, but I'm not sure that is what needs to be setup.  I'm quite certain that the destination firewall (that is not in my control) is setup to allow VPN tunnels that are established from within.

Site-to-Site VPN from behind a Firewall

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.