
IP Address VPN IPSEC - terminology

Hi everyone, I'm trying to establish a VPN with a partner, but we don't seem to understand each other very well. I'm asking for your help in using the right terms:

Is the Phase 2 IP address the one that should be allowed to go through the tunnel once the VPN is established?

So, the private IP of a host or a local network? Is that right?

Thanks!



  • Ciao papali,

    On your partner's side, he probably has "local" and "remote" in his Phase 2 definition.  In the UTM, his "local" will be in 'Remote networks' in your Remote Gateway.  His "remote" needs to match what's in 'Local Networks' in your IPsec Connection.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Ciao BAlfson, thank you so much for your help!

    The part about local and remote networks is clear to me.

    But in any case, both the local network and the remote network, for me or for him, must be private IPs, right? They are the ones traveling in the tunnel...

    This partner keeps asking me for a public IP for Phase 2 because a private IP would cause them inconveniences.

    Is this possible? Practically, I would have a public IP that travels in the VPN through another public IP?

  • Yes, you would use an SNAT to make it appear that all traffic from your Internal network came from that public IP.  If they're going to initiate any requests to your devices, the situation becomes more complicated.

    Cheers - Bob

     
  • SNAT, perfect! I was missing this step.
    Thanks so much BAlfson!
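
The mirroring rule and the SNAT case from the replies above, as an added example that is not part of the original thread: it checks that one side's Phase 2 "local" equals the other side's "remote" and reports which internal networks must be SNATed because they are not in the agreed selectors. All addresses are constructed sample values, the function names are hypothetical, and exact selector equality is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Phase2:
    """One side's Phase 2 traffic selectors, as sets of CIDR networks."""
    local: frozenset
    remote: frozenset


def selectors(local, remote):
    """Build a Phase2 from CIDR strings (raises ValueError if host bits are set)."""
    return Phase2(frozenset(map(ip_network, local)),
                  frozenset(map(ip_network, remote)))


def mismatches(ours, theirs):
    """Return a list of problems; an empty list means the definitions mirror."""
    problems = []
    for label, mine, his in (
        ("our local vs their remote", ours.local, theirs.remote),
        ("our remote vs their local", ours.remote, theirs.local),
    ):
        for net in sorted(mine - his, key=str):
            problems.append(f"{label}: {net} is only on our side")
        for net in sorted(his - mine, key=str):
            problems.append(f"{label}: {net} is only on their side")
    return problems


def snat_needed(internal, ours):
    """Internal networks outside our local selectors: their traffic must be
    source-NATed to a selector address before it enters the tunnel."""
    return [n for n in map(ip_network, internal)
            if not any(n.version == s.version and n.subnet_of(s)
                       for s in ours.local)]


# Constructed sample values (documentation and private ranges only).
INTERNAL = ["192.168.10.0/24"]                                   # our real LAN
PARTNER = selectors(["10.20.0.0/16"], ["203.0.113.10/32"])       # partner's view
OURS_PRIVATE = selectors(["192.168.10.0/24"], ["10.20.0.0/16"])  # rejected by partner
OURS_PUBLIC = selectors(["203.0.113.10/32"], ["10.20.0.0/16"])   # public IP in Phase 2

if __name__ == "__main__":
    print(mismatches(OURS_PRIVATE, PARTNER))
    print(mismatches(OURS_PUBLIC, PARTNER))
    print(snat_needed(INTERNAL, OURS_PUBLIC))
```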