Re: [Openstack] Site to Site VPN in openstack

[Tyler Bishop]

Openstack VPN is policy based, each remote network must have a policy. 

It is not a routed VPN tunnel like most devices. 




From: "Jaison Peter" <urotr...@gmail.com> 
To: "OpenStack General" <openstack@lists.openstack.org>, jw...@rockplace.co.kr 
Sent: Wednesday, September 21, 2016 1:47:25 AM 
Subject: Re: [Openstack] Site to Site VPN in openstack 

Thanks for your reply Han, 
That means, if we have 10.0.0.0 network in premises and 192.168.0.0 network in 
remote openstack private cloud, and if we need to set a site to site VPN with 
routes on the VPN endpoints so that both networks can communicate each other, 
then this case won't work if the on premises's VPN endpoint is a hardware 
device like ASA? 

On Tue, Sep 20, 2016 at 11:39 AM, Jaison Peter < urotr...@gmail.com > wrote: 



Hello all, 

I was checking if anything prevents us from establishing a site to site VPN 
from openstack private cloud to a on site hardware device like Cisco ASA. I 
knew that its possible to setup a site to site VPN between two openstack clouds 
using VPNaaS, but I am not sure about openstack to hardware device scenario. 
Please advice. 





___ 
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
Post to : openstack@lists.openstack.org 
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack 
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Site to Site VPN in openstack

[Jaison Peter]

Thanks for your reply Han,

That means, if we have 10.0.0.0 network in premises and 192.168.0.0 network
in remote openstack private cloud, and if we need to set a site to site VPN
with routes on the VPN endpoints so that both networks can communicate each
other, then this case won't work if the on premises's VPN endpoint is a
hardware device like ASA?

On Tue, Sep 20, 2016 at 11:39 AM, Jaison Peter  wrote:

> Hello all,
>
>
> I was checking if anything prevents us from establishing  a site to site
> VPN from openstack private cloud to a on site hardware device like Cisco
> ASA. I knew that its possible to setup a site to site VPN between two
> openstack clouds using VPNaaS, but I am not sure about openstack to
> hardware device scenario. Please advice.
>
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Re: [Openstack] Site to Site VPN in openstack

[Jongwoo Han]

There will not be a problem when you setup a vpn with standard IPSec 
Tunnel to a hardware device.


One thing you should consider is that if it is required to exchange 
routing information through tunnel.


In that case you need to setup a software router and forwarding table 
setup in the VPN endpoint.



2016년 09월 20일 15:09에 Jaison Peter 이(가) 쓴 글:

Hello all,


I was checking if anything prevents us from establishing  a site to 
site VPN from openstack private cloud to a on site hardware device 
like Cisco ASA. I knew that its possible to setup a site to site VPN 
between two openstack clouds using VPNaaS, but I am not sure about 
openstack to hardware device scenario. Please advice.



___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack