
2 NATS on 1 internal address

Status
Not open for further replies.

Piloria

IS-IT--Management
Mar 12, 2002
435
GB
I am looking for a way to have 2 NAT addresses (static) on one internal server.
For internet access we need 1 NAT and for VPN access we need another.
I have found a way of getting the outbound working with 2 but I am having problems with inbound.

Any ideas or thoughts would be useful.
 
Why use two different addresses?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
We only have a restricted number of external IP addresses, so over the VPNs we use 10.x.x.x IP addresses to hide internal structure. On occasion we need to make one of the internal servers available on a public IP address but need to maintain the VPN NATs.
 
Okay, so why do you want to NAT one server to two different external IP addresses? If you are short of external IPs then it makes more sense to just have a static NAT to a single external address which can be used either for VPN traffic or external inbound connections.

I can't really see any benefit to hiding your network behind another private address range. It makes no difference to what the other end can see on your network as defined by your security rules.

If you *really* want to do this then maybe you could build manual NAT rules so that when the source is the other end of the VPN, you NAT to a virtual object with a 10.x.x.x address and when the source is from the internet you NAT to a different object.

Source= VPN Dest=10.x.x.x NAT to=Int_srv
Source= Any Dest=Global_Srv NAT to=Int_srv

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************
 
Sorry, a slight misunderstanding.
We use the 10.x.0.0 range to hide the internal structure over the VPN (all internal networks use the 10.x.0.0 as the NAT range regardless of their own IP),
but we also need to use a valid IP on occasion for a direct internet connection to the server.

 
Yup, should be easy enough with manual NAT rules as described. You create an object for the server with the 10.x.x.x address and build a manual NAT rule for VPN traffic and a virtual object with the real address and build a manual NAT rule for other traffic, NATing the virtual object (with the real outside address) to the internal server.

With manual NAT rules you can create NAT rules based on a pre-set condition, like policy NAT/route-maps on Cisco stuff.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
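
Added example (not part of the thread, and not any vendor's rule syntax): a small Python model of the two source-conditional inbound NAT rules described above, evaluated first match wins, plus the matching choice of source address for connections the server opens. Every address and name in it is a constructed sample, since the thread only gives 10.x.x.x placeholders.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# Constructed sample addresses; the thread only gives 10.x.x.x placeholders.
INT_SRV = ipaddress.ip_address("192.168.1.10")       # internal server (Int_srv)
VPN_SRV = ipaddress.ip_address("10.50.0.10")         # 10.x.x.x object seen over the VPN
GLOBAL_SRV = ipaddress.ip_address("203.0.113.10")    # public object (Global_Srv)
VPN_PEERS = ipaddress.ip_network("172.16.20.0/24")   # network at the far end of the VPN
ANY = ipaddress.ip_network("0.0.0.0/0")


class NatRule(NamedTuple):
    name: str
    source: ipaddress.IPv4Network       # condition: who is connecting
    orig_dest: ipaddress.IPv4Address    # condition: address they connect to
    xlate_dest: ipaddress.IPv4Address   # destination after translation


# The two inbound rules from the thread, evaluated top-down, first match wins.
INBOUND = [
    NatRule("vpn-inbound", VPN_PEERS, VPN_SRV, INT_SRV),
    NatRule("internet-inbound", ANY, GLOBAL_SRV, INT_SRV),
]


def translate_inbound(src: str, dst: str) -> Optional[Tuple[str, str]]:
    """Return (rule name, translated destination), or None when no rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in INBOUND:
        if s in rule.source and d == rule.orig_dest:
            return rule.name, str(rule.xlate_dest)
    return None


def translate_outbound(dst: str) -> str:
    """Source address for connections the server itself opens, chosen by destination."""
    return str(VPN_SRV if ipaddress.ip_address(dst) in VPN_PEERS else GLOBAL_SRV)


if __name__ == "__main__":
    for src, dst in [
        ("172.16.20.7", "10.50.0.10"),      # VPN peer to the VPN-facing address
        ("198.51.100.23", "203.0.113.10"),  # internet host to the public address
        ("198.51.100.23", "10.50.0.10"),    # internet host to the VPN-only address
        ("172.16.20.7", "203.0.113.10"),    # VPN peer to the public address
    ]:
        print(f"{src} -> {dst}: {translate_inbound(src, dst)}")
    print("server -> 172.16.20.7 leaves as", translate_outbound("172.16.20.7"))
    print("server -> 198.51.100.23 leaves as", translate_outbound("198.51.100.23"))
```

The last inbound sample matches the Any rule, so a VPN peer can still reach the public address; whether that is allowed is decided by the security rules, not by NAT.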
 