IP forwarding from with a VPN and frame connection

cgervasini · ‎04-10-2003

Here is our scenario.

Pix 501 at remote site with 3015 concentrator at host site using EasyVPN because IP address is dynamic.

Pix is configured to tunnel traffic to corporate lan through tunnel but internet traffic goes directly to web(split). Users have an application that they use that connects to a public IP address. Host site has a direct connection(frame relay) to the same application site. These users have problem with time-outs when connecting to application IP address through the internet. I would like to redirect this traffic through the tunnel and utilize the frame connection to take care of the time-out issue. Can I somehow spoof the ip address in the application and then translate it back when it gets to the corporate lan to the original address using simple IP routing commands. The ip address of the application can easily be changed in an ini file, it also includes a port of 9100, I don't know if that is going to make any difference. Thanks

ivillegas · ‎04-16-2003

Make the remote site part of the corporate network and build the tunnel between the remote site and corporate network. Add necessary static routefor the application Public IP address in the PIX firewall, so that the traffic will go through the corporate network to reach the application.

As the source address of Remote site is part of the corporate network, the return traffic for remote site will flow through the corpaorate network and to the remote site.