This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--===============1479813297==
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C683F0.2EA3983F"

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C683F0.2EA3983F
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

The first assumption here is that you are referring to a site to site =
vpn so
the short answer is No. It has to be a routable address. Your CA =
office
provider will have to NAT your 10 net address to a publicly routable
address. Even then depending on the device that is doing the NAT it =
might
not even work, because NATing IPSec is not a desirable scenario.

=20

What you should do is set up a client to site vpn which will allow any =
user
with the correct vpn profile and vpn software to connect to your vpn
endpoint (assuming NYC HQ). Set up ipsec tunneling using tcp (you pick =
the
port) on the head end and then configure the client side profiles
accordingly. Then you can just distribute the software with the =
profiles
preloaded and then they are set. =20

=20

_____ =20

From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of =
Ratna
Thurairatnam
Sent: Sunday, May 28, 2006 4:47 PM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Site to siteVPN between public ip and private ip

=20

We have HQ in NYC and a remote office in CA, the users in CA office in
another companies's network(landloard is providing internet =
connection).

At present our CA user's PC are getting NATed ip (10.0.10.*) from =
landload's
network to connect to internet then they are using RDP to connect our =
NYC
office..

We have now bought a program which is not support to run on TS, so we =
now
have to giveup the TS and find the way to connect the CA to NYC.=20

=20

We now want to setup VPN.

is it possible to setup VPN, if our CA pix get private ip for it's =
external
interface?

thank you for your help in Advance.

Mutthu

=20

=20

_____ =20

Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great
<http://us.rd.yahoo.com/mail_us/tagli....rd.yahoo.com=
/evt
=3D39666/*http:/messenger.yahoo.com> rates starting at 1=A2/min.


------_=_NextPart_001_01C683F0.2EA3983F
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

xmlns=3D"urn:schemas-microsoft-comfficeffice" =
xmlns:w=3D"urn:schemas-microsoft-comffice:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Diso-8859-1">












style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>The first assumption here is that =
you are
referring to a site to site vpn so the short answer is No.=A0 It has to =
be a
routable address.=A0 Your CA office provider will have to NAT your 10 =
net address
to a publicly routable address.=A0 Even then depending on the device =
that is
doing the NAT it might not even work, because NATing IPSec is not a =
desirable
scenario.>>



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>>

=


style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>What you should do is set up a =
client to
site vpn which will allow any user with the correct vpn profile and vpn
software to connect to your vpn endpoint (assuming NYC HQ).=A0 Set up =
ipsec
tunneling using tcp (you pick the port) on the head end and then =
configure the
client side profiles accordingly.=A0 Then you can just distribute the =
software
with the profiles preloaded and then they are set.=A0 =
>>



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>>

=




size=3D3
face=3D"Times New Roman">






style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:
size=3D2
face=3DTahoma>
firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com] style=3D'font-weight:bold'>On Behalf Of
Ratna =
Thurairatnam

Sent: Sunday, May 28, =
2006 4:47 PM

To: =
firewall-wizards@listserv.icsalabs.com

Subject: [fw-wiz] Site =
to siteVPN
between public ip and private ip
>>





style=3D'font-size:
12.0pt'>>





style=3D'font-size:
12.0pt'>We have HQ in NYC and a remote office in CA, the users in CA =
office in
another companies's network(landloard is providing internet =
connection).>>







style=3D'font-size:
12.0pt'>At present our CA user's PC are getting NATed
ip (10.0.10.*) from landload's network to connect to internet =
then
they are using RDP to connect our NYC =
office..>>







style=3D'font-size:
12.0pt'>We have now bought a program which is not support to run =
on TS, so
we now have to giveup the TS and find the way to connect the CA to =
NYC. >>







style=3D'font-size:
12.0pt'> >>







style=3D'font-size:
12.0pt'>We now want to setup VPN.>>







style=3D'font-size:
12.0pt'>is it possible to setup VPN, if our CA pix get private ip for =
it's
external interface?>>







style=3D'font-size:
12.0pt'>thank you for your help in =
Advance.>>







style=3D'font-size:
12.0pt'>Mutthu>>







style=3D'font-size:
12.0pt'> >>







style=3D'font-size:
12.0pt'> >>





size=3D3
face=3D"Times New Roman">






style=3D'font-size:
12.0pt'>Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. =
href=3D"http://us.rd.yahoo.com/mail_us/taglines/postman7/*http:/us.rd.ya=
hoo.com/evt=3D39666/*http:/messenger.yahoo.com">Great
rates starting at 1=A2/min.>>









------_=_NextPart_001_01C683F0.2EA3983F--

--===============1479813297==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1479813297==--