where to define a static public IP for IPsec

L3 Networker

where to define a static public IP for IPsec

Hi, I have to build an IPsec tunnel with a partner. At Network -> Interfaces -> eth 1/1 I have my connection to the internet with a /28 net. I'll call it, for example, the 12.34.56.144/28 net. The router from my ISP there has IP 12.34.56.145. I will build my tunnel on IP .146. On eth 1/1 I define the IP 12.34.56.146/28, so the complete /28 net is set.

On Network -> IKE Gateway I can only choose the local IP address /28 from the interface and not a /32 IP. How can I do this?

When I set a second /32 address I get a routing error. So how must I configure this the right way?

L5 Sessionator

Re: where to define a static public IP for IPsec

Did you add the /32 address on the interface first? After that you should be able to select it in the IKE GW settings.

L3 Networker

Re: where to define a static public IP for IPsec

I have 12 public IPs and I must use them all. So must I configure

...146/32

...147/32

...and so on?

Or how can I connect to the IPs?

L5 Sessionator

Re: where to define a static public IP for IPsec

If you want to select an address in an IKE GW object, you must define it on the interface first.

If you're just using it for NAT (source or destination), it's not mandatory.

Both ways tell the PA for which address it should answer ARP requests.

L3 Networker

Re: where to define a static public IP for IPsec

I want to use it in the IKE Gateway. But how must I define it?

I also use it for NAT. What must my NAT entry look like?

And how can I test it?

L5 Sessionator

Re: where to define a static public IP for IPsec

You simply add another IP to the interface. The first IP (primary) you define with the correct mask (/28 or whatever it is). All the additional IPs from the same subnet come with a /32 mask.

To use it in NAT rules you don't have to define it on the interface, but you can.
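
The addressing rule from the last reply (primary address with the real mask, every additional address from the same subnet as /32), as an added example that is not part of the original thread. The function name and the `reserved` parameter are hypothetical; the addresses are the example values from the question.

```python
import ipaddress


def interface_address_plan(primary_cidr, extra_ips, reserved=()):
    """Build the address list for one layer-3 interface.

    primary_cidr: primary address with its real mask, e.g. "12.34.56.146/28"
    extra_ips:    additional addresses from the same subnet (no mask)
    reserved:     addresses owned by other devices, e.g. the ISP router
    Returns the primary entry followed by one /32 entry per extra address.
    """
    primary = ipaddress.ip_interface(primary_cidr)
    net = primary.network
    blocked = {ipaddress.ip_address(r) for r in reserved}
    blocked.update({net.network_address, net.broadcast_address})

    if primary.ip in blocked:
        raise ValueError(f"{primary.ip} cannot be used as the primary address")

    plan = [str(primary)]
    seen = {primary.ip}
    for raw in extra_ips:
        ip = ipaddress.ip_address(raw)
        if ip not in net:
            # A /32 outside the connected subnet needs its own routing.
            raise ValueError(f"{ip} is not inside {net}")
        if ip in blocked:
            raise ValueError(f"{ip} is reserved or is a network/broadcast address")
        if ip in seen:
            raise ValueError(f"{ip} is listed twice")
        seen.add(ip)
        plan.append(f"{ip}/32")
    return plan


if __name__ == "__main__":
    # Example values taken from the question: .145 is the ISP router.
    for entry in interface_address_plan(
        "12.34.56.146/28",
        ["12.34.56.147", "12.34.56.148"],
        reserved=["12.34.56.145"],
    ):
        print(entry)
```
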