The indentation messed things up a bit, so I will clarify.

10.XX.XX.XX - Our Network - A
88.XX.XX.XX - Our Gateway - B
22.XX.XX.XX - Their Gateway - C
64.XX.XX.XX - Their Subnet - D

Structure

10.XX.X.X <-----> 88.XX.XX.XX <--VPN---> 22.XX.XX.XX <---> 64.XX.XX.XX

What we need

                  SNAT
10.XX.X.X <------------> 88.XX.XX.XX <--VPN---> 22.XX.XX.XX <---> 64.XX.XX.XX

What they want to see from their side

88.XX.XX.XX <--VPN---> 22.XX.XX.XX <---> 64.XX.XX.XX

On Jan 16, 2008 5:15 PM, Shankhadeep Shome <[EMAIL PROTECTED]> wrote:
> Hi
>
> I wanted to ask the experts here for advice on this desired setup. I
> looked at all the documentation I could find and am now resorting to
> asking an expert. My company requires a site-to-site VPN with another
> company which does not want to see our internal network on their side.
> They only want to see a public IP address of our VPN.
>
> 10.XX.X.X <-------------------> 88.XX.XX.XX<
> ---------------------------------------------------> 22.XX.XX.XX<
> ---------------------->64.XX.XX.XX
> Our Private Network          VPN Gateway                  IPSecTunnel
>          Our Clients' VPN GW                Their Server SUBNET
>
> Normally computers on our network can see the computers on theirs;
> however, we are required to SNAT all our connections such that they
> only see this type of configuration. That is, even their internal
> machines must see our public IP address only.
>
>
> This is what we need to do: SNAT all requests from the internal
> machines before sending them through the VPN.
>
>                      SNAT
> 10.XX.X.X <-------------------> 88.XX.XX.XX<
> ---------------------------------------------------> 22.XX.XX.XX<
> ---------------------->64.XX.XX.XX
> Our Private Network          VPN Gateway                  IPSecTunnel
>          Our Clients' VPN GW                Their Server SUBNET
>
>
> This is what they want to see... from their side
>
> 88.XX.XX.XX<-------------------------------------------->22.XX.XX.XX<----------------->64.XX.XX.XX
> VPN Gateway            IPSecTunnel          Our Client's VPN GW
> Their Server SUBNET
>
> Is this possible with Linux 2.6.XX and Shorewall? We have no software
> or hardware restrictions on our side.
>
> Thanks to anybody who can give some advice.
>
> Shankhadeep
>

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users