Monday, July 2, 2018

Opengear - how to create an IPsec VPN when there's no "inside" network to use as the left side.

I'm using an Opengear box for out-of-band management at a remote location, and to provide cellular passthrough to the remote location's ASA.

eth0 is connected to the public Internet, and has a corresponding IP address. eth1 is used for the passthrough connection to the ASA.

I'd like to be able to send syslog messages from the Opengear box to my internal syslog server. I figured all I need to do is to create an IPsec VPN from the Opengear's wired Internet interface to an ASA at one of my datacenters.

The problem is that I'd need an IP address that's on the Opengear box to serve as the "left" side subnet (interesting traffic in ASA parlance). I can't use the public wired IP address, I can't use the cellular IP, and I can't use the dummy IP assigned to eth1 as part of the passthrough process.

Opengear support confirms that the dummy IP address assigned to eth1 is not usable, but is trying to tell me I can use the eth0 (wired Internet) IP, which would make the left side subnet the same as the IPsec endpoint IP address. That isn't going to work (is it?)

Anyone ever set up an IPsec tunnel in such a manner?
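For readers who land here with the same question, the arrangement support describes (the endpoint's own address doubling as the "left" traffic selector) is how a host-to-subnet tunnel is normally written in strongSwan/Openswan-style ipsec.conf syntax. The fragment below is an added example, not from the original post and not Opengear's own configuration; all addresses, the connection name and the subnet are constructed placeholders from the RFC 5737 documentation ranges, and whether the Opengear firmware exposes this exact syntax is an assumption.

```ini
# Added example, not from the original post or from Opengear.
# Assumes a strongSwan/Openswan-style ipsec.conf. All addresses below are
# constructed placeholders (RFC 5737 documentation ranges).
conn syslog-to-datacenter
    # Opengear side: eth0's public address is the IKE endpoint ...
    left=203.0.113.10
    leftid=203.0.113.10
    # ... and also the only "interesting" address. A /32 is a legal
    # leftsubnet; strongSwan assumes left/32 when leftsubnet is omitted.
    leftsubnet=203.0.113.10/32
    # Datacenter ASA: its public address and the internal subnet that
    # contains the syslog server.
    right=198.51.100.1
    rightid=198.51.100.1
    rightsubnet=10.20.0.0/24
    keyexchange=ikev2
    authby=secret
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    auto=start
```

Two things have to line up for this to carry syslog. First, the ASA's crypto ACL must be the exact mirror of the selector pair above: its local side is 10.20.0.0/24 and its remote side is the single host 203.0.113.10, not a wider subnet, or phase 2 will fail the proposal match. Second, the syslog daemon on the box must source its packets from 203.0.113.10, which is automatic when eth0 carries the default route; packets sourced from the cellular or eth1 addresses fall outside the selector and go out in the clear, so confirm the source address on the box before trusting the tunnel. Once the connection is up, the installed CHILD_SA and its selectors are visible with `ipsec statusall` on a strongSwan system, and nothing except traffic between 203.0.113.10 and 10.20.0.0/24 is affected by the policy.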
