A similar question was posted in 2004 with no answer (that I can find).

I have a client with multiple IPSEC tunnels for their vendors to hit their file servers (all on Monowalls). Incoming traffic is routed over 2 other IPSEC tunnels for access to 2 remote file servers (basically the company has 3 offices, each with a file server, domain connected by IPSEC tunnels). All current vendors are OK with routing over the tunnels to the private IPs (we recently changed the company's IP scheme to please 2 of the major vendors).

They now have another vendor who cannot route (and will not) to a private network - I've talked with him and he has too many clients with private IP routing and won't do any more (he is forcing his clients to migrate to public IPs) - and my client's network conflicts with another of his ...

The request is to NAT the internal file servers to public IPs ... so the vendor can route those addresses over IPSEC ... he only needs access to the 3 file servers ... I need to leave the existing tunnels/addressing in place because the other vendors still need access to the entire network, not just the file servers ... so NAT would have to be specific to the one IPSEC tunnel.

(NOTE: IPs sanitized to protect the client)

Public IPs available at location 2 = 192.168.80.162, .163, .164, .165, .166
(Location 2 is the IPSEC endpoint for this company; traffic for satellite offices routes over Monowall->Monowall IPSEC connections)
Vendor network = 192.168.0.0/24
File server 1 = 10.0.14.1
File server 2 = 10.0.18.1
File server 3 = 10.0.22.1

Any recommendations on whether this is possible with Monowall? Can I assign an outbound NAT as follows:

source=10.0.18.1/32 destination=192.168.0.0/24 target=192.168.80.166

To do this I have to enable "advanced outbound NAT" to put it on the LAN? Do I then have to create Outbound NAT rules for Internet access?