JPDU4
asked on
S2S VPN - connection to a partner site, requires using PUB NATTED address on the tunnel
Hello,
How would you configure an S2S connection with a vendor who requires you to have a PUBLIC address as the source on the tunnel?
Currently I have a pair of Cisco ISR devices doing our production NAT and FWing. Since this is a temporary solution, I plan to configure a standalone ISR that will participate in the vendor S2S VPN connection. The servers that need access to the vendor's tunnel are NATTED on the cores. My thought process is to simply put a static route on my core to point at the temp ISR performing the S2S to get to that network. This should all work, but I am concerned about how to set up the NAT on the S2S tunnel so that it looks like they are coming from one of our public addresses. They are putting a filter in place and will only accept the PUB address.
ASKER CERTIFIED SOLUTION
ASKER
Thanks Aarie, completely what I thought - just needed a confirmation. Thank you
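An added example, not part of the thread or of the hidden accepted answer: one way to set up the NAT the question asks about on the standalone ISR, using policy NAT so that only vendor-bound traffic is translated to the permitted public source. All addresses, interface names, ACL and map names, the key placeholder and the crypto parameters are constructed assumptions.

```cisco
! Constructed lab values (RFC 1918 / RFC 5737), not taken from the thread:
!   servers as seen by this ISR        10.10.20.0/24
!   public source the vendor permits   203.0.113.10
!   vendor peer 198.51.100.1, vendor hosts 192.0.2.0/24
!
! 1. Policy NAT: translate only traffic bound for the vendor network.
ip access-list extended VENDOR-NAT
 permit ip 10.10.20.0 0.0.0.255 192.0.2.0 0.0.0.255
ip nat pool VENDOR-SRC 203.0.113.10 203.0.113.10 netmask 255.255.255.0
ip nat inside source list VENDOR-NAT pool VENDOR-SRC overload
!
! 2. Crypto ACL: IOS translates inside-to-outside traffic before it
!    evaluates the crypto map, so match the public (post-NAT) source.
ip access-list extended VENDOR-CRYPTO
 permit ip host 203.0.113.10 192.0.2.0 0.0.0.255
!
! 3. Phase 1 / phase 2. Algorithms and key are placeholders; use the
!    values agreed with the vendor.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
crypto ipsec transform-set VENDOR-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto map VENDOR-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set VENDOR-TS
 match address VENDOR-CRYPTO
!
! 4. Interfaces: inside faces the core (which holds the static route
!    for 192.0.2.0/24 pointing here), outside faces the vendor peer.
interface GigabitEthernet0/0
 description Inside, toward the core ISRs
 ip nat inside
interface GigabitEthernet0/1
 description Outside, toward the vendor peer
 ip nat outside
 crypto map VENDOR-MAP
!
! Verify: "show ip nat translations" should list 203.0.113.10 as the
! inside global address, and "show crypto ipsec sa" should show that
! same address in the local ident with encaps counters increasing.
```

With `overload` the translation only supports sessions opened from the inside; if the vendor must initiate connections toward the servers, a static translation is needed instead.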