Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

3 site over IPSEC

hello all

I have 3 site connected with vpn IPSec. clients of each site are connected to SQL DB on serverX. Some time is needed to drop the serverX and to connect all clients to server on site 2. What i want to do is to configure a static nat for this serverY and to have all clients still connected on this Ip of 192.168.40.3.

Any advice, any example will be appreciated.

Thank you

ADI

5 REPLIES
New Member

Re: 3 site over IPSEC

Hello. Can you please clarify the question?

You want to decomission serverX and use serverY instead -- but still use the same IP address that was on ServerY?

Or did I completely misunderstand the question?

New Member

Re: 3 site over IPSEC

hello.

At the three sites we have users that are using a application connected to MSsql DB on serverX through tcp/ip. For maintenance reasons we need to drop these one and have to make a new connection to serverY. All clients points to ServerX , using nat on respective routers connected with VPN is it possible to translate the serverY IP with static nat to the serverX's Ip? It is clear that clients on second site will not use this one but the other two site may have the possibility to profit by nat.

regards.

New Member

Re: 3 site over IPSEC

Ok, I understand now. What you want to do is change the destination IP address in the packet -- essentially re-directing the packet.

This is called DNAT or destination NAT and can be done with a Cisco PIX or ASA http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml or most any firewall device.

You will need to see if you can do it with your router. I do not know if this function is available on the router.

New Member

Re: 3 site over IPSEC

the routers have these possibility but i have try to do that but till now without successes

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

regards.

New Member

Re: 3 site over IPSEC

The configuration in that article only shows how to perform source NAT -- the "regular" type of NAT that is commonly used to hide (the source address of) multiple private IPs behind (the source address of) one or more public IPs.

This is not the type of NATing you want to do. I don't think you can do DNAT with a router. I am unable to find a configuration on how to do this. You may need a firewall to do this. Sorry I can't be of more help.

112
Views
0
Helpful
5
Replies
CreatePlease to create content