4. Allow DMZ to access second IPsec site

Allow DMZ to access second IPsec site

  • P

    My knowledge of NAT and VIPs is somewhat limited so maybe what I'm hoping they can do isn't even a thing so feel free to turn me around and give me a simple "no". :)

    Is there a way to allow a server located in a DMZ to access a device located on the other side of an IPsec tunnel without having to add a Phase 2 on both sides ?

    LAN: 192.168.100.0/24
    DMZ: 10.0.66.0/24
    Remote LAN: 192.168.200.0/24

    Server: 10.0.66.10
    Printer: 192.168.200.30

    Can NAT somehow make the server (DMZ) IP 10.0.66.10 to look like it's coming from 192.168.100.199 so it then can go through the tunnel's existing Phase 2 and ping/send jobs to a printer on the remote side ?

    0
    V
     1 Reply
  • V

    @PL-EPI said in Allow DMZ to access second IPsec site:

    without having to add a Phase 2 on both sides ?

    Why not? That's the proper way to go.

    If you're are not able to add a second phase 2 you can try to cover both, LAN and DMZ, with only one.
    E.g. change the DMZ network to 192.168..101.0/24 and the phase 2 to 192.168.100.0/23.

    0
  • P

    I do have it set up with a second Phase 2. I just thought there could be a better way to achieve the same result without having to go through each of the sites and adding a P2.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy