Interesting scenario- let me see of I can dig up something. Regards, Jay McMickle- CCIE #35355 (RS) Sent from my iPhone 5
On Nov 22, 2012, at 1:42 AM, Ben Shaw <[email protected]> wrote: > Hi All > > can anyone provide input on this challenge? > > I have a small client with a single Internet connection and just the one > public IP. I use static PAT on the edge router to translate inbound > connections to different servers based on port (25, 443, 80 etc). > > I would like to place a router on the inside of this edge router to terminate > VPN tunnels. I do not wish to terminate VPN tunnels on this edge router. > Having still only one public IP I can obviously translate UDP 500 to the > outside interface of this VPN router but what about the ESP traffic? I don't > believe I will be able to use PAT to translate the ESP packets to the same > outside interface of the VPN router. For that I presume it would have to be a > static NAT translation at layer 3. > > So considering all current translations are in the form of static PAT on the > router, if I add to this a static PAT for UDP 500 and a static NAT for the > WAN interface of the edge router to the outside interface of the VPN router > should this work? The resultant configuration will be along the following > lines > > WAN IP:TCP25 -> Internal_Mail_Server:25 > WAN IP:TCP443 -> Internal _Web_Server1:443 > WAN IP:TCP80 -> Internal_Web_Server2:80 > WAN IP:UDP500 -> VPN_Router:500 (new) > WAN IP -> VPN_Router (new) > > There is currently no static NAT configured on the edge router, only static > PAT. > > Thanks > Ben > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
