Need to have the VPN "host" behind NAT

I have a client who has a corporate firewall located out of state. We have been given permission to set up a VPN solution into the local subnet via the corporate internet connection. The corp folks will be giving us a 1-to-1 NAT association for whatever IP address we select from the external IP they give us on the firewall.

I'm familiar with several brands of small routers (Netopia of old, WatchGuard, SonicWall, etc.) and was thinking of putting in a small WatchGuard Edge and letting the remote user use MUVPN to get in. The problem that just occurred to me is that a "router/firewall" with VPN access will not work.

So, I have a local subnet of 10.0.0.x and I want to set up a VPN into that subnet. The WatchGuard Edge will have a local IP address assigned to the WAN port (let's say 10.0.0.5) and the LAN port will be on the same subnet... this won't work (at least the Edge won't let it happen). I'm not needing the firewall/NAT portion of the firewall. All I need is the VPN connection.

Anyone have any ideas on a

jfranks1970

I have done this with the Microsoft VPN server and it worked just fine. One NIC card with a single internal address for both in and out (it gives a warning, but it does work). Fixed external IP address assigned to the internal IP address of the VPN machine. However, some people don't like Microsoft.

Also, have you thought about giving the local router an additional subnet and putting the VPN box on both? If you set the gateways correctly, the VPN should route back to the same router and then to the local machine.

Dennis

Dennis Willson
