Cisco Systems Nat Pool

Posted by dempsey_b on July 25, 2008, 3:18 pm
Group, Cisco Pix 6.3(4).

We have a vendor that is requiring us to connect vpn to their network
to transmit data. This used to not be a huge deal, because out of a
thousand users, we only had one end user that required to connect to
this service. Now we have a group of 10.

Since I don't have 10 free public IPs I would like to create a pool of
5 public IPs for any of the 10 specified users. Sounds easy enough,
but I haven't a clue as where to begin.

Could someone point me in the correct direction? Either by config
example (yeah, I'm lazy) or literature?

Thanks millions!

Bill

Posted by Scott Perry on July 25, 2008, 4:16 pm
There are different kinds of VPN. I must assume that you mean remote access
VPN for a single PC to connect into the inside company network from the
outside. I hope you did not mean a site-to-site VPN.

It sounds like a VPN system is already in place for that 1 person
connecting. Now 10 people need to connect. Therefore, it seems like the
equipment is already configured and the other people just connect into the
same system with the same external Internet IP address and get into the
inside network as if they were an inside host. I do not foresee a problem
so far.

Many devices host remote access (RAS) VPN connections. They usually have a
single Internet IP address which is used for all outside VPN clients to
connect. Multiple outside IP addresses are not used for multiple RAS VPN
connections. The resulting connection through the VPN system to the inside
network usually uses DHCP to provide an inside IP address to the client's
virtual connection through the established VPN tunnel.

Now for your company to have more than 1 RAS VPN connection to another
company, I do not see the need for you to allocate more public IP addresses
on your side - the VPN client side. Much more information is needed. What
kind of system is providing the VPN connection and what software and VPN
protocols are being used to make this connection?

-----
Scott Perry
Indianapolis, IN
-----

> Group, Cisco Pix 6.3(4).
>
> We have a vendor that is requiring us to connect vpn to their network
> to transmit data. This used to not be a huge deal, because out of a
> thousand users, we only had one end user that required to connect to
> this service. Now we have a group of 10.
>
> Since I don't have 10 free public IPs I would like to create a pool of
> 5 public IPs for any of the 10 specified users. Sounds easy enough,
> but I haven't a clue as where to begin.
>
> Could someone point me in the correct direction? Either by config
> example (yeah, I'm lazy) or literature?
>
> Thanks millions!
>
> Bill

Posted by dempsey_b on July 27, 2008, 8:14 pm
My apologies, this is a client-based VPN, and you are correct. I
will elaborate. We do have one single outbound IP address. All of
our clients come from xx.xx.xx.18... Many of our users use a Cisco
client to connect to one of our other vendors, all using the same
public IP address... No issues there.

My problem is that this is some kind of crazy AT&T "Global" VPN
client our vendor is using via an AT&T managed service. In the
instructions the vendor gave us for the AT&T client, it specifically
states that each machine connecting to the "Global AT&T Network" will
need its OWN public IP address. The actual documentation for the AT&T
client from AT&T says no such thing... I have not tested to see if all
will work with the single outbound IP address. Needless to say, a
client that requires an individual public IP for each user... doesn't
have me happy.

I've created NAT pools on routers several times, just never on a PIX.
I work for a non-profit agency that doesn't have money for hot spares
or failovers... so my changes will be done on a... gasp... production
firewall.

Thanks however for your insight and as always, I am thankful for
anyone taking the time out to help explain.

Posted by CK on July 28, 2008, 3:11 am
As per my understanding, you are using the AT&T client to connect to your
vendor's VPN network.

Actually, your vendor has restricted 1 public IP per MAC address or
some adjustment of that kind. You need to check with them how to
solve this, as you only have 1 public IP NATting all internal IPs.

Posted by Techno_Guy on July 29, 2008, 1:27 pm
> My apologies, This is a client based VPN.. and you are correct.. I
> will elaborate. We do have one single outbound IP address. All of
> our clients come from xx.xx.xx.18 ...Many of our users use a Cisco
> client to connect to one of our other vendors., all using the same
> public IP address.... No issues there.
>
> My problem, is that this is some kind of crazy At&t "Global" VPN
> client our vendor is using via an ATT managed service. In the
> instructions the vendor gave us for the ATT client, it specifically
> states that each machine connecting to the "Global ATT Network" will
> need its OWN public IP address. The actual documentation for the ATT
> Client from ATT says no such thing... I have not tested to see if all
> will work with the single outbound IP address. Needless to say, a
> client that requires an individual public IP for each user... doesn't
> have me happy.
>
> I've created nat pools on routers several times, just never on a pix.
> I work for a non-profit agency that doesn't have money for hot spares
> or failovers... so my changes will be done on a.. gasp.. . production
> firewall.
>
> Thanks however for your insight and as always, I am thankful for
> anyone taking the time out to help explain.

A quick search on Google for Cisco PIX NAT pool showed me this.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b6e1a.shtml
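For what Bill describes (10 named inside hosts drawing distinct public addresses from a pool of 5), the PIX 6.3 construct is policy NAT with its own dynamic global pool; the configuration below is an added example, not from this thread or the linked Cisco note. Interface names, NAT id 2, the 203.0.113.0/24 public range and the 10.0.0.x inside hosts are assumed placeholders, and whether the AT&T client is satisfied by it is exactly what Bill said he had not tested.

```cisco
! Existing rule (assumed): every inside host is PATed behind the one public address
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 203.0.113.18 netmask 255.255.255.0

! The 10 machines that run the AT&T client; they need fixed inside addresses
! (static or DHCP-reserved) or the mapping silently drifts to other hosts
object-group network ATT_VPN_HOSTS
  network-object host 10.0.0.11
  network-object host 10.0.0.12
  network-object host 10.0.0.13
  network-object host 10.0.0.14
  network-object host 10.0.0.15
  network-object host 10.0.0.16
  network-object host 10.0.0.17
  network-object host 10.0.0.18
  network-object host 10.0.0.19
  network-object host 10.0.0.20
access-list ATT_VPN_USERS permit ip object-group ATT_VPN_HOSTS any

! Policy NAT: traffic matching the ACL uses pool id 2 and is evaluated before nat 1
nat (inside) 2 access-list ATT_VPN_USERS
! Five dynamic one-to-one public addresses; a host keeps its address until its
! translation (xlate) idles out, so 5 clients at a time get a unique public IP
global (outside) 2 203.0.113.20-203.0.113.24 netmask 255.255.255.0
! Optional overflow: when all five are in use, further clients are PATed here,
! which is the shared-address behaviour the vendor's instructions say will not work
global (outside) 2 203.0.113.25 netmask 255.255.255.0

! Default idle timeout for translations is 3 hours; shorten it if pool slots are
! being held by idle clients while others wait
timeout xlate 3:00:00

! Verify which hosts hold which pool address
show nat
show global
show xlate
```

New nat/global rules only apply to translations created after the change; `clear xlate` forces them onto existing sessions but drops every current translation on the firewall, so on a production box it belongs in a maintenance window.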
