Solved

Need help with VPN NAT (kind of confusing)

Posted on 2011-03-23
Last Modified: 2012-05-11
I'll do my best to explain this. We (CompanyA) have a site to site VPN tunnel with CompanyB.  Because CompanyB is a large, public company, there are lots of policies and red tape to deal with.  For instance, even though we have a VPN configured, they require that each of CompanyA's resources be NAT'd on CompanyA's firewall and that all traffic that comes from CompanyA's resources appear to come from this public IP address, NOT the internal LAN address.  I got over that one...It was a pain, but easy enough.  The problem that has me banging my head against the wall is this:

- CompanyA provides an internal webpage that hosts all our content on a SQL back end.
- CompanyB can access this resource as requested, by using the public IP I used in the NAT policy for this resource.
- The webpage has thousands of links to other documents hosted in the database. These links all point to http://internal_server_name_/blah/blah/blah.pdf
- Because they require the public address, they cannot resolve "internal_server_name" to anything, therefore cannot open the links. The same applies when CompanyA employees want to send links to the webpage via email.

Anytime a link is sent to CompanyB, the employees at CompanyA must manually change the link to read: http://servers_public_ip_address/blah/blah/blah.pdf. Like I said, there are thousands of links, which all point to the server's internal name, so changing every one of those is out of the question.

If anyone can help me figure this one out, I'll owe you big time.

We are at a stalemate at this point. They refuse (or are just too large a company) to agree to just be done with the public IP and use the internal IP, which would solve all the problems. I've exhausted all my resources trying to come up with a resolution for this, but I'm just banging my head against the wall.
Question by:tenover

Expert Comment

by:Qlemo
ID: 35200535
How about if you see it the other way round - only use "external" links? You can resolve that on CompanyA's site to be the same as the internal IP - if you can use a name for the public IP at CompanyB, that is.
If they refuse to do any DNS resolution (which would even allow "internal name" to be resolved to the public IP on their network), you have to change all links to the public IP. A NAT for internal traffic would be required, or having both private and public IP on the Web Server. Your options depend on your device, your knowledge, and what other conditions need to be met in addition.

Author Comment

by:tenover
ID: 35200578
The problem with that is going in and manually changing thousands of links.....
If we DID decide to do that though, you're saying to make a DNS alias at CompanyA that would match a public DNS entry, that way the links would all be accessible?

For instance:
internal server name:  ServerA
Internal DNS entry:  CN > ServerA>ServerAlias

Public DNS entry:  A>ServerAlias

Expert Comment

by:Qlemo
ID: 35200773
As far as I understood your example, yes, that should work.

Author Comment

by:tenover
ID: 35200800
Well, let me throw this out there then.  I already DID have our ISP create an entry that uses the same name as the internal server (ServerA) and have it resolve to the public IP address.  The problem now, is that my internal domain name is company, and my external domain name is company.com.  So there is some issue in that external parties still don't resolve the name....?

Accepted Solution

by:
Qlemo earned 500 total points
ID: 35201032
Bad luck then. You need to rewrite the web address to be complete. If all you need to care about are HTML links, there are many free editors out there able to go through all text files replacing simple texts.
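The bulk link rewrite suggested in the accepted answer, as an added example that is not part of the original thread. It assumes the pages are static HTML files under one directory and that a hypothetical public name `servera.company.com` resolves to the NAT'd address; the same `rewrite_links` function can be applied to text pulled from a database.

```python
import re
from pathlib import Path

# Assumed names built from the thread's example (not confirmed by the page):
INTERNAL_HOST = "ServerA"             # bare internal server name
PUBLIC_FQDN = "servera.company.com"   # hypothetical public A record

# The host must end right after the name, so ServerA2 and ServerA.company.com
# are left alone; an optional :port and the path are preserved.
_HOST_END = r"""(?=[:/?#"'\s<>]|$)"""

def rewrite_links(text, internal_host=INTERNAL_HOST, public_fqdn=PUBLIC_FQDN):
    """Return (new_text, number_of_links_rewritten)."""
    pattern = re.compile(r"(https?://)" + re.escape(internal_host) + _HOST_END,
                         re.IGNORECASE)
    return pattern.subn(lambda m: m.group(1) + public_fqdn, text)

def rewrite_tree(root, dry_run=True, suffixes=(".html", ".htm")):
    """Rewrite matching files under root; return {path: count}.
    With dry_run=True nothing is written, so the counts can be reviewed first."""
    changed = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        original = path.read_text(encoding="utf-8")
        updated, count = rewrite_links(original)
        if count:
            changed[str(path)] = count
            if not dry_run:
                # Keep a backup copy beside each file that is modified.
                path.with_name(path.name + ".bak").write_text(original, encoding="utf-8")
                path.write_text(updated, encoding="utf-8")
    return changed

# Constructed sample page, not taken from the thread.
SAMPLE_HTML = """<a href="http://ServerA/blah/blah/blah.pdf">doc</a>
<a href="http://servera:8080/blah/a.pdf">port kept</a>
<a href="http://ServerA2/blah/b.pdf">different host</a>
<a href="http://ServerA.company.com/blah/c.pdf">already qualified</a>
<img src='https://SERVERA'>
"""

if __name__ == "__main__":
    new_html, n = rewrite_links(SAMPLE_HTML)
    print(n, "links rewritten")
    print(new_html)
```

Running `rewrite_tree` a second time changes nothing, because a host that is already fully qualified no longer matches.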
