Nat Pool

Group, Cisco Pix 6.3(4).

We have a vendor that is requiring us to connect via VPN to their network to transmit data. This used to not be a huge deal, because out of a thousand users, we only had one end user that was required to connect to this service. Now we have a group of 10.

Since I don't have 10 free public IPs, I would like to create a pool of 5 public IPs for any of the 10 specified users. Sounds easy enough, but I haven't a clue as to where to begin.

Could someone point me in the correct direction? Either by config example (yeah, I'm lazy) or literature?

Thanks millions!

Bill

Reply to
dempsey_b

There are different kinds of VPN. I must assume that you mean remote access VPN for a single PC to connect into the inside company network from the outside. I hope you did not mean a site-to-site VPN.

It sounds like a VPN system is already in place for that 1 person already connecting. Now 10 people need to connect. Therefore, it seems like the equipment is already configured and the other people just connect into the same system with the same external Internet IP address and get into the inside network as if they were an inside host. I do not foresee a problem so far.

Many devices host remote access (RAS) VPN connections. They usually have a single Internet IP address which is used for all outside VPN clients to connect. Multiple outside IP addresses are not used for multiple RAS VPN connections. The resulting connection through the VPN system to the inside network usually uses DHCP to provide an inside IP address to the client's virtual connection through the established VPN tunnel.

Now for your company to have more than 1 RAS VPN connection to another company, I do not see the need for you to allocate more public IP addresses on your side - the VPN client side. Much more information is needed. What kind of system is providing the VPN connection and what software and VPN protocols are being used to make this connection?

----- Scott Perry Indianapolis, IN

-----

Reply to
Scott Perry

My apologies. This is a client-based VPN, and you are correct. I will elaborate. We do have one single outbound IP address. All of our clients come from xx.xx.xx.18. Many of our users use a Cisco client to connect to one of our other vendors, all using the same public IP address. No issues there.

My problem is that this is some kind of crazy AT&T "Global" VPN client our vendor is using via an ATT managed service. In the instructions the vendor gave us for the ATT client, it specifically states that each machine connecting to the "Global ATT Network" will need its OWN public IP address. The actual documentation for the ATT Client from ATT says no such thing... I have not tested to see if all will work with the single outbound IP address. Needless to say, a client that requires an individual public IP for each user... doesn't have me happy.

I've created NAT pools on routers several times, just never on a PIX. I work for a non-profit agency that doesn't have money for hot spares or failovers... so my changes will be done on a... gasp... production firewall.

Thanks however for your insight and as always, I am thankful for anyone taking the time out to help explain.

Reply to
dempsey_b

As per my understanding, you are using the AT&T Client to connect to your vendor's VPN network.

Actually, your vendor has restricted 1 public IP per MAC address, or some adjustment of that kind. You need to check with them how to solve this, as you only have 1 public IP NATting all internal IPs.

Reply to
CK

A quick search on Google for Cisco Pix Nat Pool showed me this.

formatting link

Reply to
Techno_Guy
