PIX VPN using all public addresses

I'm looking for a configuration example where ...

-------------VPN--------------------->

Internet----PIX----Private IP Lan----PAT'd hosts

I need the VPN users to use the Public IP addresses when accessing the internal hosts.

TIA

Reply to
none

Why not have them use host names instead of IP addresses and configure your DNS server for split DNS?

Reply to
Rod Dorman

That's the default. Just don't "nat (inside) 0 access-list" the traffic, and ensure that any crypto map match address ACLs are written in terms of the *public* IPs being in the right-hand ("destination") field. If you aren't using sysopt permit-* then your outside interface ACLs should be written to expect the traffic to be destined to the public IPs.

(I do not know what the source IPs will come out as in this case, if the source IPs are being handed out by the VPN negotiation.)

Reply to
Walter Roberson

They will be using host names - these are customers not internal people so they will be getting their DNS info from my external DNS.

I will be using split DNS for Internal users.

Reply to
none

Thanks - I'll give it a test in the next few days.

This will be interesting as we have used this in our application's logs in the past.

Reply to
none
