The scenario you're describing (your new one) is fairly typical in my experience, and is referred to as a LAN-to-LAN VPN. The scenario you describe where your FW establishes a VPN with the public IP of a host on their side, with addressing translation taking place through some unseen magic at their end, is atypical (again, only speaking from my experience).

Arguably, your "new scenario" is simpler than your old one, so that's good news. :)
All you do is set up a VPN between the two firewalls, with traffic through the tunnel (your encryption domains) defined in terms of the private ranges.
In terms of FW-1 objects, you have one for your firewall, whose encryption
domain includes workstation/network objects specifying your private addresses
that you want to talk to them. You have an object for their firewall, and
its encryption domain should include objects corresponding to their
workstation/network objects, specified using their private addresses that you
want to talk to.
Make sense? Or did I totally miss your Q? :)
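As an added illustration (not from the thread, and not FW-1 configuration): a small Python model of the two encryption domains the reply describes. The addresses are constructed for the example. It classifies a packet the way the gateway's encryption rule would (local domain to remote domain gets encrypted, the reverse must arrive decrypted, everything else is clear traffic for the ordinary rule base), shows that the "old" public-IP-of-a-host peer is just a different remote domain, and flags overlapping private ranges, which is the one check worth doing before building a tunnel between two privately addressed sites.

```python
from ipaddress import ip_address, ip_network

# Constructed, illustrative encryption domains; the thread gives no real addresses.
# Our side (the object for "our" firewall): private ranges allowed to use the tunnel.
LOCAL_DOMAIN = ["192.168.10.0/24"]
# Their side (the object for network B's firewall): B's private hosts/nets we want to reach.
REMOTE_DOMAIN = ["10.20.0.0/24", "10.30.0.5/32"]
# The "old" style peer: the remote domain is just the public IP their firewall NATs to a host.
REMOTE_DOMAIN_OLD = ["203.0.113.10/32"]


def _nets(domain):
    """Accept CIDR strings or ip_network objects and return ip_network objects."""
    return [ip_network(n) if isinstance(n, str) else n for n in domain]


def in_domain(addr, domain):
    """True if addr lies inside any network of the encryption domain."""
    return any(ip_address(addr) in net for net in _nets(domain))


def tunnel_decision(src, dst, local=LOCAL_DOMAIN, remote=REMOTE_DOMAIN):
    """Classify one packet the way the gateway's encryption rule would.

    'encrypt' : local domain -> remote domain, goes out through the tunnel
    'decrypt' : remote domain -> local domain, must have arrived through the tunnel
    'clear'   : anything else is ordinary non-VPN traffic for the rule base
    """
    if in_domain(src, local) and in_domain(dst, remote):
        return "encrypt"
    if in_domain(src, remote) and in_domain(dst, local):
        return "decrypt"
    return "clear"


def overlapping(local=LOCAL_DOMAIN, remote=REMOTE_DOMAIN):
    """Return (local_net, remote_net) CIDR pairs that overlap.

    With private addressing on both ends this is the classic LAN-to-LAN pitfall:
    if both sites use e.g. 10.20.0.0/24, a destination is both "local" and "remote"
    and the gateway cannot decide whether to encrypt or deliver locally.
    """
    return [(str(l), str(r))
            for l in _nets(local) for r in _nets(remote) if l.overlaps(r)]


if __name__ == "__main__":
    samples = [("192.168.10.5", "10.20.0.7"),      # to B's private net: encrypt
               ("10.30.0.5", "192.168.10.5"),      # from B's host: decrypt
               ("192.168.10.5", "10.30.0.6"),      # not in B's domain (/32 only): clear
               ("192.168.10.5", "198.51.100.1")]   # ordinary Internet traffic: clear
    for src, dst in samples:
        print(f"{src} -> {dst}: {tunnel_decision(src, dst)}")
    print("old-style peer:", tunnel_decision("192.168.10.5", "203.0.113.10",
                                             remote=REMOTE_DOMAIN_OLD))
    print("overlaps in this plan:", overlapping())
    print("overlaps if we also used 10.20/16:", overlapping(local=["10.20.0.0/16"]))
```

The FW-1 objects the reply talks about map onto the two lists: our firewall object's encryption domain is LOCAL_DOMAIN, their firewall object's is REMOTE_DOMAIN, and the only thing that changes between the old and new setups is what you put in the remote list.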
Hello,
I'm trying to change our firewall's configuration to make a new VPN with another network (let's call it network B) but don't know how to do it.

The thing is that the only public IP address I have from network B is its firewall's public address; the rest of the machines in network B only have private addresses. Up to now, every VPN I have made worked in a different way, that is to say, I always established a communication with the other network's machine's public IP address, and it was this other network's firewall which, using NAT, translated this public address to its corresponding private one.

The case I'm facing now is a little bit different, just because I should establish my connection directly using the other network's machines' private addresses. How can this be done?
Thanks in advance,
Elena