leblanc


Validate public IP address

I got a /23 public subnet from my provider with their gateway within that subnet x.x.91.1/23. I configured my FW with an IP address from that subnet x.x.90.1 and ping is allowed on the FW outside interface. I am trying to set up an IPSec VPN from this site back to the HQ. From HQ and my PC at home, I can ping their gateway x.x.91.1 but cannot ping x.x.90.1. I checked in a looking glass BGP table and that subnet is routable on the Internet.
They said that everything is configured correctly on their end and the issue is from my end. I am not sure I agree with them but I am not sure how to validate my argument. Thanks
David Favor

First, set up your entire system without a VPN.

Get everything working first, then integrate your VPN.

Also keep in mind for IPSec to work, both ends must be working... so... first you set up both ends without IPSec + get everything working.

Then set up IPSec at both ends + verify all's well.

Then integrate your 1 way or 2 way VPN.

Setting up IPSec tends to be overkill. SSL + SSH work as well or better (faster) + can be set up in a few seconds.
Why do you need that many public addresses? That is a large chunk.
leblanc

ASKER

I am not sure why they gave us /23. We ordered 1 public IP address and they gave us /23.
All the Internet traffic will be sent back to the HQ. So my default route will be sent through the tunnel. I removed all of the tunnel configuration. I just assigned my FW interface with a public IP address from that subnet /23. So as far as the Internet is concerned I should be able to ping that interface from anywhere on the Internet because it is a routable public IP address. Correct?