williamwlk
asked on
Cisco IPSec Site-to-Site VPN Config based on ASA5505-50-BUN-K9
Hi,
I'd like a scenario as below:
LAN1 ---> ASA5505-50-BUN-K9 --- NAT/Firewall by ISP ---> ISP --> Internet ---> Public IP --> ASA5505-50-BUN-K9 --> LAN2
I'd like a site to site IPSec VPN but LAN1 will always initiate and will be always so that LAN2 can reach LAN1 always.
Why I want LAN1 VPN Gateway to always initiate is that LAN2 VPN Gateway will never see LAN1 VPN Gateway since it is behind an ISP NAT while LAN1 VPN Gateway can always reach out to LAN2 VPN Gateway.
Is this scenario going to be possible?
Regards,
W
ASKER
Thanks Guys! Gotta love it.
W
ASKER
Cheers!
ASKER
Sorry I can't ask my ISP to change the design of the Infra.
But I can change my infra in my office.
So, instead of site to site, I will change my office to mobile VPN Users.
Users/Servers ---> VPN Client ---- NAT ---- ISP --- Internet ---- Public IP --> HQ VPN IPSec Gateway ---> HQ LAN
This should absolutely work, right?
W