• Status: Solved
  • Priority: Medium
  • Security: Public

NAT over VPN pool

Oks, this is what I want to do but I doubt it's possible.

Just a plain static from the outside interface to the inside interface.
However, this applies to the vpn pool. The initiator of the communication is
going to be a VPN client.

For eg: the physical web server is on the pix inside network and the
server's IP is 10.1.1.80

I want to use a static which would look something like this:
static (inside,outside) 172.16.33.80 10.1.1.80
Hence, if a VPN client tries to access 172.16.33.80, it would be redirected
to 10.1.1.80
Asked:
billwharton
1 Solution
 
lrmoore Commented:
Hi, Bill!
Can I assume that your VPN client is getting dns resolution for www.zzzz.com as 172.16.33.80, which you have forwarded to inside server 10.1.1.80, and you can't change the DNS combobulation?
Alias command fixes this for internal uses, but I've never seen it used for VPN clients, but it might work..
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

 
billwharton (Author) Commented:
lrmoore

I think I really messed up the question. Here you go again:

VPN client ------ Internet ------- PIX -------- LAN

PIX inside: 10.1.1.1
PIX outside: 150.12.1.1


A VPN software client establishes a vpn connection to 150.12.1.1 and receives an IP address of 11.1.1.15 from the vpn pool defined on the PIX which is 11.1.1.1.

Now, during the VPN session, if the VPN client tries to connect to an IP address of 172.16.33.80, the PIX should translate this destination to destination IP: 10.1.1.80

It's just like static NAT excepting I'm trying to do it within the boundaries of a VPN tunnel.
 
lrmoore Commented:
I don't think you can do that...maybe I'm missing the point, but why can't the client just go directly to the destination 10.1.1.80, why would he even try to go to 172.16.33.80 ?
 
billwharton (Author) Commented:
It's all part of another garbled problem I am trying to solve.

I'm in my office and they've restricted all websites. I always have my vpn tunnel to home up and running and could run a terminal services session but images load up very slow and of course video ain't possible.

Hence, I thought I could use my server at home as a NAT server. A proxy wouldn't do as every other protocol needs you to set up a proxy for it. This is how I started to implement the plan.

Get rid of the default gateway the office DHCP server provided me and only add a single route to my home IP address to go through the office gateway. Once connected, I have to add a default route and a default route should have its next hop on the same network. Now, since my vpn pool assigned me an IP address of 11.1.1.15, I tried doing a static nat to translate 11.1.1.80 to 10.1.1.80 (nat server)
But that didn't work.

You're probably saying I'm getting crazy over something small which is true. However, even if I can't do it, it was quite a bit of learning involved in the process which cannot hurt :)
 
lrmoore Commented:
I do think you're crazy, but it does afford a good learning experience..
Trying to cheat the system, are we?
You don't control the network at work
You do have a VPN back to home network (PIX)
You want to use home server as a sort of anonymous proxy, "through" the vpn tunnel?
Can't do it anyway.
 
billwharton (Author) Commented:
After your summary, I've started thinking of myself as even crazier. It's like each step of the way, I've tried to achieve something but put a road block in front of it.

lol
