Hi
I wanted to ask the experts here for advice on this desired setup. I
looked at all the documentation I could find and am now resorting to
asking an expert. My company requires a site to site vpn with another
company which does not want to see our internal network on their side.
They only want to see a public IP address of our VPN
10.XX.X.X <-------------------> 88.XX.XX.XX<
---------------------------------------------------> 22.XX.XX.XX<
---------------------->64.XX.XX.XX
Our Private Network VPN Gateway IPSecTunnel
Our Clients' VPN GW Their Server SUBNET
Normally computers on our network can see the computers on theirs
however we are required to SNAT all our connections such that they
only see this type of configuration. That is even their internal
machines must see our public IP-address only.
This is what we need to do. SNAT all requests from the internal
machines before send them through the VPN.
SNAT
10.XX.X.X <-------------------> 88.XX.XX.XX<
---------------------------------------------------> 22.XX.XX.XX<
---------------------->64.XX.XX.XX
Our Private Network VPN Gateway IPSecTunnel
Our Clients' VPN GW Their Server SUBNET
This is what they want to see... from their side
88.XX.XX.XX<-------------------------------------------->22.XX.XX.XX<----------------->64.XX.XX.XX
VPN Gateway IPSecTunnel Our Client's VPN GW
Their Server SUBNET
Is this possible with Linux 2.6.XX and shorewall? We have no software
or hardware restriction on our side.
Thanks to anybody who can give some advice.
Shankhadeep
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
