Hi guys,
I am totally confused with the Site-to-Site VPN configuration. Assume there are two different companies, X and Y. There is an FTP server (server B) in network 10.20.20.0/16, which belongs to company Y. There is also an FTP client (server A) in network 10.20.60.0/16 (note that this network belongs to company X), which is supposed to access the FTP server. I need to configure a Site-to-Site VPN between these two networks.
I have the following:
- 2x Cisco ASA 5520 (one at each location)
- 2 public IP addresses (1x DMZ IP address of company X and 1 of company Y)
- 2 private IP addresses 10.20.20.144/16 (company X) and 10.20.60.21/16 (company Y)
I understand that at each location the ASA public interface will get the assigned DMZ IP and the private interface the private IP address. The destination of the tunnel on ASA X will be the IP address of the FTP server (at company Y) and the destination of the tunnel on ASA Y will be the FTP client (at company X).
What am I missing here? Is the last sentence correct? How come these two machines can talk to one another, since, if you forget about the VPN tunnel, they reside in the same 10.20.0.0/16 subnet?
Thanks, AL