dee30

asked on

Remotes are not behind our PAT and can't get to customers.

We have a need to have a few of our customers allow our PAT fw address in on a specific port to access their env and do some maint to a proprietary product.

Our remote users aren't represented by that same IP PAT address when they are trying to hit those customers. We have a WG firebox e550 and are using sslvpn with the remotes. Right now I have them vpn in and RDP to a desktop in-house to then hit the customer's site.

I'm looking for another way to let them gain access to the customers without having to hit/use a machine in-house first. I cannot think of any correct, if there is such a thing, IP spoofing or mimicking way to do this.

Please do not recommend/ask about webex or login type products. I'm asking about a specific route/approach and wondering if it's even doable.

Thanks
SOLUTION
gremwell

dpk_wal
Can you please elaborate on the setup with some dummy IPs so we know how the packet should be NAT'ed at FW before it goes out.

You can set the virtual IP for SSL clients to anything you wish, but I am not sure how you want to PAT them to other customers' specific environment, so I need details.

Thank you.
dee30

ASKER

Gremwell, thanks, and I'll research the "NAT on a stick" concept and implementation in conjunction with our WG. Dpk_wal, it's basically what gremwell confirmed: I need to "... route traffic from SSL VPN clients ...., so it will appear as if it originated from the PAT firewall". I will give some dummy IP descriptions in order to hear what else you can offer up on the subject.

1. Simple WG e550 setup with our org repped as a PAT address of 78.90.90.100.
2. Cust has an allowance for comm from that address for use of, say, port 6932.
3. All our in-house persons that need it can gain access using that rule from over the net to the customer's internal resource.
4. Our remotes connect to us via sslvpn (WG) and ISP addresses are whatever they are as per their local ISP/provider. e.g.
ASKER CERTIFIED SOLUTION
dee30

ASKER

Thank you both for replying. Gremwell, NAT on a stick is specific to Cisco as you know, while I was specific to my type of firewall... WG. Dpk_wal, I don't want vpn users to go through the fw to go out to the Internet, and made that decision during initial setup a year or so ago. I logged a call on the WG site and will be using Dynamic NAT route instead. Thx