Wednesday, December 4, 2019

Why would an encryption domain have to be a public IP?

I have never stood up a site-to-site VPN before, and my org does not have any yet. Vendor sends a VPN form. I understand everything on it except encryption domain. Their side is supplying two public IPs, my side only said it needed to be registered host/subnet.

My recollection from a previous life was that an encryption domain was the subnets the VPN needed to access. If I use PAT, this will pose a problem if there is inbound traffic, won't it? And I don't think I'm supposed to be assigning our public IPs to this...

I know this is supposed to be simple; Google searches have examples without context, so that wasn't helpful. Hoping someone can tell me what a best practice setup looks like...


