Wednesday, December 18, 2019

Firepower FTD IPSEC tunnel endpoint as non-interface IP?

Hey all!

I'm trying to configure some VPN tunnels in a new environment I inherited, with a Cisco Firepower FTD firewall as our endpoint, but a unique config requires that the tunnel be terminated on an IP address that isn't the one directly assigned to the outside interface. My outside interface IP is RFC 1918 (10.10.10.1 in the diagram) because the path to our internet egress traverses a separate internal network. However, our public range is routed from that network to my firewall's outside interface, and my public IP range (x.y.z.0/29 in the diagram) is reachable from the public internet. x.y.z.1 is my PAT address for the devices inside the firewall, and that egress also works properly.

The issue here is that when trying to create a VPN tunnel, it requires that the local VPN endpoint IP be an interface IP (my only option when choosing my outside interface is 10.10.10.1) and will not allow it to be one of the public IPs I have that isn't the exact interface IP. Is there another way to get it to use one of those public IPs as the source address of the tunnel?

Diagram - https://i.imgur.com/8tVqAa3.jpg
