Solved

NAT over VPN pool

Posted on 2004-10-11
Last Modified: 2013-11-16
OK, this is what I want to do but I doubt it's possible.

Just a plain static from the outside interface to the inside interface.
However, this applies to the VPN pool. The initiator of the communication is
going to be a VPN client.

For example: the physical web server is on the PIX inside network and the
server's IP is 10.1.1.80

I want to use a static which would look something like this:
static (inside,outside) 172.16.33.80 10.1.1.80
Hence, if a VPN client tries to access 172.16.33.80, it would be redirected
to 10.1.1.80
Question by:billwharton
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12281143
Hi, Bill!
Can I assume that your VPN client is getting DNS resolution for www.zzzz.com as 172.16.33.80, which you have forwarded to inside server 10.1.1.80, and you can't change the DNS combobulation?
Alias command fixes this for internal uses, but I've never seen it used for VPN clients, but it might work.
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

 
LVL 11

Author Comment

by:billwharton
ID: 12282243
lrmoore

I think I really messed up the question. Here you go again:

VPN client ------ Internet ------- PIX -------- LAN

PIX inside: 10.1.1.1
PIX outside: 150.12.1.1


A VPN software client establishes a VPN connection to 150.12.1.1 and receives an IP address of 11.1.1.15 from the VPN pool defined on the PIX which is 11.1.1.1.

Now, during the VPN session, if the VPN client tries to connect to an IP address of 172.16.33.80, the PIX should translate this destination to destination IP: 10.1.1.80

It's just like static NAT except I'm trying to do it within the boundaries of a VPN tunnel.
 
LVL 79

Expert Comment

by:lrmoore
ID: 12282273
I don't think you can do that... maybe I'm missing the point, but why can't the client just go directly to the destination 10.1.1.80? Why would he even try to go to 172.16.33.80?
 
LVL 11

Author Comment

by:billwharton
ID: 12282308
It's all part of another garbled problem I am trying to solve.

I'm in my office and they've restricted all websites. I always have my VPN tunnel to home up and running and could run a terminal services session but images load up very slowly and of course video ain't possible.

Hence, I thought I could use my server at home as a NAT server. A proxy wouldn't do as every other protocol needs you to set up a proxy for it. This is how I started to implement the plan.

Get rid of the default gateway the office DHCP server provided me and only add a single route to my home IP address to go through the office gateway. Once connected, I have to add a default route and a default route should have its next hop on the same network. Now, since my VPN pool assigned me an IP address of 11.1.1.15, I tried doing a static NAT to translate 11.1.1.80 to 10.1.1.80 (NAT server)
But that didn't work.

You're probably saying I'm getting crazy over something small which is true. However, even if I can't do it, it was quite a bit of learning involved in the process which cannot hurt :)
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12282409
I do think you're crazy, but it does afford a good learning experience..
Trying to cheat the system, are we?
You don't control the network at work
You do have a VPN back to home network (PIX)
You want to use home server as a sort of anonymous proxy, "through" the vpn tunnel?
Can't do it anyway.
 
LVL 11

Author Comment

by:billwharton
ID: 12282450
After your summary, I've started thinking of myself as even crazier. It's like each step of the way, I've tried to achieve something but put a roadblock in front of it.

lol

Question has a verified solution.
