Solved

Need help with VPN NAT (kind of confusing)

Posted on 2011-03-23
Last Modified: 2012-05-11
I'll do my best to explain this. We (CompanyA) have a site to site VPN tunnel with CompanyB.  Because CompanyB is a large, public company, there are lots of policies and red tape to deal with.  For instance, even though we have a VPN configured, they require that each of CompanyA's resources be NAT'd on CompanyA's firewall and that all traffic that comes from CompanyA's resources appear to come from this public IP address, NOT the internal LAN address.  I got over that one... It was a pain, but easy enough.  The problem that has me banging my head against the wall is this:

- CompanyA provides an internal webpage that hosts all our content on a SQL back end.
- CompanyB can access this resource as requested, by using the public IP I used in the NAT policy for this resource.
- The webpage has thousands of links to other documents hosted in the database. These links all point to http://internal_server_name_/blah/blah/blah.pdf
- Because they require the public address, they cannot resolve "internal_server_name" to anything, therefore cannot open the links. The same applies when CompanyA employees want to send links to the webpage via email.

Anytime a link is sent to CompanyB, the employees at CompanyA must manually change the link to read:  http://servers_public_ip_address/blah/blah/blah.pdf.  Like I said, there are thousands of links, which all point to the server's internal name, so changing every one of those is out of the question.

If anyone can help me figure this one out, I'll owe you big time.

We are at a stalemate at this point.  They refuse (or are just too large a company) to agree to just be done with the public IP and use the internal IP, which would solve all the problems.  I've exhausted all my resources trying to come up with a resolution for this, but I'm just banging my head against the wall.
0
Comment
Question by:tenover
 
LVL 68

Expert Comment

by:Qlemo
ID: 35200535
What if you see it the other way round - only use "external" links? You can resolve that on CompanyA site to be the same as the internal IP - if you can use a name for the public IP at CompanyB, that is.
If they refuse to do any DNS resolution (which would even allow "internal name" to be resolved to the public IP on their network), you have to change all links to the public IP. A NAT for internal traffic would be required, or having both private and public IP on the Web Server. Your options depend on your device, your knowledge, and what other conditions need to be met in addition.
0
 

Author Comment

by:tenover
ID: 35200578
The problem with that is going in and manually changing thousands of links.....
If we DID decide to do that though, you're saying to make a DNS alias at CompanyA that would match a public DNS entry, that way the links would all be accessible?

For instance:
internal server name:  ServerA
Internal DNS entry:  CN > ServerA>ServerAlias

Public DNS entry:  A>ServerAlias
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35200773
As far as I understood your example, yes, that should work.
0
 

Author Comment

by:tenover
ID: 35200800
Well, let me throw this out there then.  I already DID have our ISP create an entry that uses the same name as the internal server (ServerA) and have it resolve to the public IP address.  The problem now, is that my internal domain name is company, and my external domain name is company.com.  So there is some issue in that external parties still don't resolve the name....?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 35201032
Bad luck then. You need to rewrite the web address to be complete. If all you need to care about are HTML links, there are many free editors out there able to go through all text files replacing simple texts.
0
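
One way to do the bulk rewrite suggested in the accepted answer, as an added example that is not part of the original thread: it replaces the short internal host name with a complete name only where it appears as the host of an http(s) URL. The names `ServerA` and `servera.company.com` follow the thread's example and are assumptions, as are the constructed sample page and the `.bak` backup convention.

```python
import re
from pathlib import Path

# Assumed names, following the thread's example: the short internal host name
# used in the links and a fully qualified name that both companies can resolve.
SHORT_NAME = "ServerA"
FQDN = "servera.company.com"

# Match scheme://SHORT_NAME only when the host really ends there, so that
# ServerA2 or ServerA.company.com are left alone. A port, path or query may follow.
_LINK = re.compile(
    r"(?P<scheme>https?://)" + re.escape(SHORT_NAME) + r"(?![\w-])(?!\.[\w-])",
    re.IGNORECASE,
)

def rewrite_links(text):
    """Return (new_text, number_of_links_rewritten)."""
    return _LINK.subn(lambda m: m.group("scheme") + FQDN, text)

def rewrite_file(path):
    """Rewrite one file in place; untouched files are not written. Returns the count."""
    p = Path(path)
    original = p.read_text(encoding="utf-8")
    updated, count = rewrite_links(original)
    if count:
        p.with_name(p.name + ".bak").write_text(original, encoding="utf-8")  # keep a backup
        p.write_text(updated, encoding="utf-8")
    return count

# Constructed sample page, not taken from the thread.
SAMPLE = """\
<a href="http://ServerA/docs/policy.pdf">Policy</a>
<a href="http://servera:8080/docs/a.pdf">Port kept</a>
<a href="http://ServerA2/docs/b.pdf">Different host</a>
<a href="http://ServerA.company.com/docs/c.pdf">Already complete</a>
"""

if __name__ == "__main__":
    new_text, changed = rewrite_links(SAMPLE)
    print(new_text)
    print(f"{changed} link(s) rewritten")
```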
