I have a vendor (vendor1) who has a VPN tunnel back to my company to provide support for some applications that we have with them.
My current setup is a 2651XM at the edge and then a hub and then a PIX 515E and then my internal network. The vendor utilizes an 1812 router to establish the tunnel back to their data center.
Vendor1's router currently connects to the hub and then directly connects to the internal network bypassing the firewall. In order to increase security I would like to move the 1812 to connect to a layer 3 switch on its external port that will reside between the firewall and my internal router (3845) and NAT the current external address to an internal address.
Vendor1 has stated that they cannot establish this tunnel across a device that has to/will NAT their traffic. I have another vendor (vendor2), utilizing a 1720 router for a VPN tunnel, who is requiring me to move the router between the firewall and the internal router.
I cannot see why you cannot NAT Vendor1's traffic.
If anyone could enlighten me as to whether or not Vendor1 is correct in their statement and the reasons behind the correct answer I would appreciate it.
tia td