Posted by Mike Tierney on August 23, 2007, 9:57 pm
Can't figure out the syntax: I need to NAT two outside global addresses to the address of a firewall on one of the LAN interfaces. This solution is intended to support two different groups of VPN clients in a primary/failover configuration. The firewalls serving the VPNs apparently don't support loopback interfaces, so the VPN clients have to be configured with the outside IP address of the respective firewalls. I can't just NAT all the traffic going through to the firewall because it supports other services.

After going over several possibilities, the only solution I can think of is to allocate two host addresses, call them PrimA and PrimB (PrimA used by clients using site A as their primary, PrimB used by B site clients), and NAT both of them at their respective sites to their respective firewalls' outside IP addresses:

(All IP addresses are public, i.e. non-RFC 1918, but I use RFC 1918 here as examples)

AWAN intfc 172.16.1.2/30
ALAN intfc 10.1.1.1/28
AFirewall 10.1.1.2/28

BWAN intfc 172.16.2.2/30
BLAN intfc 10.1.2.1/28
BFirewall 10.1.2.2/28

PrimA 192.168.1.1
PrimB 192.168.2.1

I want to NAT both 192.168.1.1 and 192.168.2.1 to the firewall's outside IP address:

ASite: 192.168.1.1 and 192.168.2.1 both NAT to 10.1.1.2
BSite: 192.168.1.1 and 192.168.2.1 both NAT to 10.1.2.2

Is this so simple I can't see it? Or is this a potential hornet's nest? I'm having a serious mental block here, I'm sure it's not difficult but I can't figure it out.

TIA for any assistance!!

m j tierney
NAT - backwards