Guest
|
 Posted:
Wed Nov 09, 2005 3:25 am Post subject:
Need to have the VPN "host" behind NAT |
|
|
I have a client who has a corporate firewall located out of state. We
have been given permission to setup a VPN solution into the local
subnet via the corporate internet connection. The corp folks will be
giving us a 1-to-1 NAT association for whatever IP address we select
from the external IP they give us on the firewall.
I'm familiar with several brands of small routers (netopia of old,
Watchguard, Sonicwall, etc) and was thinking of putting in a small
Watchguard Edge and let the remote user us MUVPN to get in. The
problem that just occured to me is that a "router/firewall" with VPN
access will not work.
So, I have a local subnet of 10.0.0.x and I want to setup a VPN into
that subnet.
The Watchguard Edge will have a local ip address assigned to the WAN
port (lets say 10.0.0.5) and the LAN port will be on the same
subnet.....this won't work (at least the edge won't let it happen).
I'm not needing the firewall/NAT portion of the firewall. All I need
is the VPN connection.
Anyone have any ideas on a <$1000 solution for a VPN only box that we
could set on the local network, allow a single cllient to access it and
assign that client a local address?
Most of the manufacturer's pre-sales support is lost on this.
Thanks for any ideas.
jf |
|
Dennis Willson
Guest
|
| Posted:
Wed Nov 09, 2005 4:41 am Post subject:
Re: Need to have the VPN "host" behind NAT |
|
|
I have done this with the Microsoft VPN server and it worked just fine. One NIC card with a single internal address for both in and
out (it gives a warning, but it does work). Fixed external IP address assigned to the internal IP address of the VPN machine.
However some people don't like Microsoft.
Also have you thought about giving the local router an additional subnet and putting the VPN box both. If you set the gateways
correctly the VPN should route back to the same router and then to the local machine.
Dennis
jfranks1970@gmail.com wrote:
| Quote: | I have a client who has a corporate firewall located out of state. We
have been given permission to setup a VPN solution into the local
subnet via the corporate internet connection. The corp folks will be
giving us a 1-to-1 NAT association for whatever IP address we select
from the external IP they give us on the firewall.
I'm familiar with several brands of small routers (netopia of old,
Watchguard, Sonicwall, etc) and was thinking of putting in a small
Watchguard Edge and let the remote user us MUVPN to get in. The
problem that just occured to me is that a "router/firewall" with VPN
access will not work.
So, I have a local subnet of 10.0.0.x and I want to setup a VPN into
that subnet.
The Watchguard Edge will have a local ip address assigned to the WAN
port (lets say 10.0.0.5) and the LAN port will be on the same
subnet.....this won't work (at least the edge won't let it happen).
I'm not needing the firewall/NAT portion of the firewall. All I need
is the VPN connection.
Anyone have any ideas on a <$1000 solution for a VPN only box that we
could set on the local network, allow a single cllient to access it and
assign that client a local address?
Most of the manufacturer's pre-sales support is lost on this.
Thanks for any ideas.
jf
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in