site to site vpn - server to server (socket to socket) connection
I need help with my next challenge, which is to create a site-to-site VPN. It has to be what Cisco refers to as the extranet scenario. My partner's company and my company want to establish a site-to-site VPN between two servers. The VPN is to be restricted to only allow two servers (two sockets) to communicate securely across the internet: one server at my company, the other at my partner's. We do not want to share subnets, etc.
I believe my peer IP is 209.183.24.195. I want to use 216.254.177.194 (which is my first usable public IP) as the VPN public IP for the server at my location; internally my server's address is 192.168.1.3. The port to use on my server will be 2111. No internal IPs will be visible between the two companies.
I will use my partner's peer public IP as 7.7.7.7, and the public IP and port of my partner's server as 6.6.6.6:2000.
Thank you in advance.
All Replies
@eitan
Is your application that you want 192.168.1.3:2111 to access the peer's internal device via 7.7.7.7, and 7.7.7.7 will actually map to the server IP 6.6.6.6:2000?
Charlie
yes
@eitan
Regarding this case,
you need to configure extra SNAT on the VPN page and policy routing on your own Palo Alto.
Here is an example (on Palo Alto).
Here is a guide for your reference:
SNAT on VPN environment
Charlie