| mountainwalker@yahoo.com 2006-09-06, 1:15 pm |
| Can a cisco VPN Gateway simultaneously accept IKE and forward it to
another GW inbound, on same public IP address? We have a customer who
claims this is possible with Cisco. What do you think? Assume both
the cisco and 3rd party gateways are using the traditional UDP 500 and
4500 for IKE and NAT-Traversal. We believe it's not possible with any
vendor's product.
The cisco would have to be able to talk IKE on its public IP of
68.98.222.222 for its own VPN policies, and forward IKE incoming to
that same IP to an internal host 10.2.2.2 for VPNs coming in for the
3rd-party gateway inside.
(two different VPN peers want to do site-to-site VPN; one each with the
Cisco and the 3rd party devices shown below in the diagram)
|
(internet cloud)
|
DSL provider network
|
WAN - public, dynamic, on PPPoE DSL (e.g.. 68.98.222.222)
(Cisco)
LAN: 10.2.2.1 /24
|
(some servers sit here in 10.2.2.0 /24)
|
WAN: 10.2.2.2
(3rd-party IKE VPN Gateway)
LAN: 172.29.9.193 /28
|
(some servers sit here in 172.29.9.192 /28)
|