Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
5
Replies

3 site over IPSEC

adriatikb
Level 1
Level 1

‎11-30-2007 01:59 AM - edited ‎02-21-2020 03:24 PM

hello all

I have 3 site connected with vpn IPSec. clients of each site are connected to SQL DB on serverX. Some time is needed to drop the serverX and to connect all clients to server on site 2. What i want to do is to configure a static nat for this serverY and to have all clients still connected on this Ip of 192.168.40.3.

Any advice, any example will be appreciated.

Thank you

ADI

Labels:
24048-lan diagram 3 site.vsd
0 Helpful
5 Replies 5

jeremyault
Level 1
Level 1

‎11-30-2007 11:19 AM

Hello. Can you please clarify the question?

You want to decomission serverX and use serverY instead -- but still use the same IP address that was on ServerY?

Or did I completely misunderstand the question?

0 Helpful

adriatikb
Level 1
Level 1
In response to jeremyault

‎12-01-2007 10:22 AM

hello.

At the three sites we have users that are using a application connected to MSsql DB on serverX through tcp/ip. For maintenance reasons we need to drop these one and have to make a new connection to serverY. All clients points to ServerX , using nat on respective routers connected with VPN is it possible to translate the serverY IP with static nat to the serverX's Ip? It is clear that clients on second site will not use this one but the other two site may have the possibility to profit by nat.

regards.

0 Helpful

jeremyault
Level 1
Level 1
In response to adriatikb

‎12-02-2007 05:40 PM

Ok, I understand now. What you want to do is change the destination IP address in the packet -- essentially re-directing the packet.

This is called DNAT or destination NAT and can be done with a Cisco PIX or ASA http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml or most any firewall device.

You will need to see if you can do it with your router. I do not know if this function is available on the router.

0 Helpful

adriatikb
Level 1
Level 1
In response to jeremyault

‎12-03-2007 08:03 AM

the routers have these possibility but i have try to do that but till now without successes

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

regards.

0 Helpful

jeremyault
Level 1
Level 1
In response to adriatikb

‎12-04-2007 08:42 AM

The configuration in that article only shows how to perform source NAT -- the "regular" type of NAT that is commonly used to hide (the source address of) multiple private IPs behind (the source address of) one or more public IPs.

This is not the type of NATing you want to do. I don't think you can do DNAT with a router. I am unable to find a configuration on how to do this. You may need a firewall to do this. Sorry I can't be of more help.

0 Helpful
Customers Also Viewed These Support Documents