VPN remote peer with a LAN address

L2 Linker

I need to create a VPN tunnel between my PA firewall with a regular external IP address and a remote non-PA peer that is behind some equipment (no details) and only has a local 172.17.x.x address. Is this possible?


If it is possible, do I use the external IP of the remote site even though the VPN connection will not be with that IP address?


I'm assuming the non-PA peer on the remote LAN will always need to initiate the connection, correct?

Accepted Solutions
L2 Linker

Couldn't get this working. The other end of the tunnel is on a LAN sitting behind gear I don't have access to so I can't configure or confirm NAT settings or port forwarding. Tried to get the device to initiate a connection, but it has limited configuration options and couldn't set an email address or other option for auth. Will have to figure out another way.


All Replies
L4 Transporter

If this is going over the internet, it won't be possible. RFC 1918 address space doesn't get routed over the internet.

Whatever sits in front of the other peer needs to do NAT for it to work.

L2 Linker

Right. I understand public/private address spaces.


I also understand I will need NAT configured properly on the unknown router/firewall for this to work.


What I don't know is what value to use for the peer IP address, and then for authentication I'm assuming psk and email address or something like that will do the trick. AFAIK this can be done, I just haven't done it before.

Cyber Elite

How can you create a VPN tunnel to a device you have no information on? It sounds like what you're really trying to do is "tunnel through" that FW to that end host.

So you'd need the host to have some VPN/tunnel software that would actually create the VPN tunnel with your FW... (I would think this would be something the host network wouldn't allow.) --edit-- seems like a perfect setup for some "haxorz" to go on ./
