I have built a site-to-site VPN tunnel to an extranet that uses a separate NAT pool for VPN and Internet. This allows me to access systems at the remote end. How, if at all, can I then access a particular host at my end? Can I have a unique host be accessible via a static NAT and use dynamic NAT when accessing the Internet? Can I have a global pool of one IP reserved for one user and have the outside reference the global IP to access the internal system (ACL permitting)?
I am trying to model a business partner's experience when interfacing with me. I am also trying to define the scalability of this solution.
I have set this up in a lab and had a couple failing points.
Primarily, I want the business partner to access some application on my network. This is working using two NAT pools (VPN and Internet).
I would like to be able to access an application on the business partner's network, i.e., I want my application to send an LPR printout to one of their printers. Everything I read says I need a static NAT rule for me to pass from low security to high security in the PIX. If I set up a static for the VPN traffic, it breaks the dynamic NAT for Internet traffic. Is there a way to allow me to use a static NAT for the VPN traffic and a dynamic NAT for Internet?
I need to use NAT for the VPN traffic as there is a private IP overlap.
I know this is wordy but I hope it helps clarify my question.
1) A business partner needs to access an application on your network. You will need to present the IP address(es) of your server(s) hosting the application to the business partner. If it is coming through a VPN tunnel, it doesn't have to be a public IP address, e.g. say your partner needs to access serverA in your site