3 sites over IPsec

Nov 30th, 2007

Hello all,

I have 3 sites connected with VPN IPsec. Clients of each site are connected to a SQL DB on serverX. Some time is needed to drop the serverX and to connect all clients to the server on site 2. What I want to do is to configure a static NAT for this serverY and to have all clients still connected on this IP of

Any advice, any example will be appreciated.

Thank you


jeremyault Fri, 11/30/2007 - 11:19

Hello. Can you please clarify the question?

You want to decommission serverX and use serverY instead -- but still use the same IP address that was on ServerY?

Or did I completely misunderstand the question?

adriatikb Sat, 12/01/2007 - 10:22


At the three sites we have users that are using an application connected to an MS SQL DB on serverX through TCP/IP. For maintenance reasons we need to drop this one and make a new connection to serverY. All clients point to serverX. Using NAT on the respective routers connected with VPN, is it possible to translate the serverY IP with static NAT to serverX's IP? It is clear that clients on the second site will not use this, but the other two sites may be able to benefit from the NAT.


jeremyault Sun, 12/02/2007 - 17:40

Ok, I understand now. What you want to do is change the destination IP address in the packet -- essentially re-directing the packet.

This is called DNAT or destination NAT and can be done with a Cisco PIX or ASA http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml or most any firewall device.

You will need to see if you can do it with your router. I do not know if this function is available on the router.

jeremyault Tue, 12/04/2007 - 08:42

The configuration in that article only shows how to perform source NAT -- the "regular" type of NAT that is commonly used to hide (the source address of) multiple private IPs behind (the source address of) one or more public IPs.

This is not the type of NATing you want to do. I don't think you can do DNAT with a router. I am unable to find a configuration on how to do this. You may need a firewall to do this. Sorry I can't be of more help.
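The destination rewrite described in the replies above, shown at packet level as an added example that is not part of the original thread. The addresses, the client port and the `NAT_TABLE` mapping are constructed for illustration; 1433 is the default MS SQL port. It shows that static DNAT changes only the destination address, leaves the source untouched (unlike the source NAT discussed in the last reply), and must recompute both the IPv4 header checksum and the TCP checksum.

```python
import socket
import struct

# Constructed sample addresses (assumptions, not taken from the thread).
SERVER_X, SERVER_Y = "10.1.0.10", "10.2.0.10"
NAT_TABLE = {SERVER_X: SERVER_Y}  # static DNAT: old server -> new server

def checksum(data):
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_checksums(pkt):
    """Recompute the IPv4 header checksum and the TCP checksum (pseudo-header)."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, seg = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    seg[16:18] = b"\x00\x00"
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
    seg[16:18] = struct.pack("!H", checksum(pseudo + bytes(seg)))
    return bytes(ip + seg)

def build_packet(src, dst, sport, dport, payload=b""):
    """Constructed sample input: minimal IPv4 + TCP packet with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksums(ip + tcp)

def dst_of(pkt):
    """Destination address of an IPv4 packet as dotted-quad text."""
    return socket.inet_ntoa(pkt[16:20])

def rewrite_dst(pkt, new_dst):
    """Naive rewrite: swaps the destination only, leaving stale checksums."""
    return pkt[:16] + socket.inet_aton(new_dst) + pkt[20:]

def dnat(pkt, table=NAT_TABLE):
    """Static destination NAT: translate matching destinations, pass the rest."""
    new_dst = table.get(dst_of(pkt))
    return pkt if new_dst is None else fix_checksums(rewrite_dst(pkt, new_dst))

def checksums_valid(pkt):
    """True when both the IPv4 header and the TCP checksums verify."""
    ihl = (pkt[0] & 0x0F) * 4
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(pkt) - ihl)
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + pkt[ihl:]) == 0
```

Return traffic from serverY needs the reverse translation of its source address back to serverX's address, otherwise the client's TCP stack will not match the replies to its connection.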

