A similar question was posted in 2004 with no answer (that I can find).
I have a client with multiple IPSEC tunnels for their vendors to hit their
file servers (all on Monowalls), incoming traffic is routed over 2 other
IPSEC tunnels for access to 2 remote file servers (basically the company has
3 offices each with a file server, domain connected by IPSEC tunnels) all
current vendors are OK with routing over the tunnels to the private IPs (we
recently changed the company's IP scheme to please 2 of the major vendors).
They now have another vendor who cannot route (and will not) to a private
network - I've talked with him and he has too many clients with private IP
routing and won't do any more (he is forcing his clients to migrate to
public IPs) - and my client's network conflicts with another of his . . .
The request is to NAT the internal file servers to public IPs . . . . so the
vendor can route those addresses over IPSEC . . . . . he only needs access
to the 3 file servers . . . .
I need to leave the existing tunnels/addressing in place because the other
vendors still need access to the entire network, not just the file servers
. . . . so NAT would have to be specific to the one IPSEC tunnel.
(NOTE: IPs sanitized to protect the client)
Public IPs available at location 2 = 192.168.80.162, .163, .164, .165, .166
(Location 2 is the IPSEC endpoint for this company, traffic for satellite
offices route over Monowall->Monowall IPSEC connections)
Vendor network = 192.168.0.0/24
File server 1 = 10.0.14.1
File server 2 = 10.0.18.1
File server 3 = 10.0.22.1
Any recommendations on whether this is possible with Monowall?
Can I assign an outbound NAT as follows:
To do this I have to enable "advanced outbound NAT" to put it on the LAN?
Do I then have to create Outbound NAT rules for Internet access?