Hi All, can anyone provide input on this challenge?
I have a small client with a single Internet connection and just the one public IP. I use static PAT on the edge router to translate inbound connections to different servers based on port (25, 443, 80 etc). I would like to place a router on the inside of this edge router to terminate VPN tunnels. I do not wish to terminate VPN tunnels on this edge router.

Having still only one public IP I can obviously translate UDP 500 to the outside interface of this VPN router but what about the ESP traffic? I don't believe I will be able to use PAT to translate the ESP packets to the same outside interface of the VPN router. For that I presume it would have to be a static NAT translation at layer 3.

So considering all current translations are in the form of static PAT on the router, if I add to this a static PAT for UDP 500 and a static NAT for the WAN interface of the edge router to the outside interface of the VPN router, should this work?

The resultant configuration will be along the following lines:

WAN IP:TCP25 -> Internal_Mail_Server:25
WAN IP:TCP443 -> Internal_Web_Server1:443
WAN IP:TCP80 -> Internal_Web_Server2:80
WAN IP:UDP500 -> VPN_Router:500 (new)
WAN IP -> VPN_Router (new)

There is currently no static NAT configured on the edge router, only static PAT.

Thanks
Ben
