Does anyone know if this is possible, or even likely to work? What I want to do is this:
I have a vendor (Vendor A) who I am connected to via T1. The router between us performs NAT so that we can send data between their servers and ours. We have another vendor (Vendor B) that needs access to that data, but for purposes too lengthy to explain here we cannot send it directly from our servers. We are planning to connect them to us via an IPSec VPN. I've looked at my firewall (Fortigate 400) and this looks theoretically possible.
I can set up the VPN tunnel between Vendor B and our site without any problems. I'm thinking that I can set a virtual IP on our firewall's internal interface that points to the vendor's VPN endpoint. Nothing new there. So then the traffic flow would go from Vendor A's server to a NATted address on their network, which the router would translate to the virtual IP on our network, which our firewall would translate to its eventual endpoint address at Vendor B.
Does that make sense?
Any idea what happens to return traffic? Would I have to set up the same thing going the other direction?
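
The flow described in the post, as an added Python model that is not part of the original post or any FortiGate configuration: two destination-NAT hops (router, then firewall virtual IP), each assumed to be stateful so that it reverses its own translation for replies on a session it has already seen. All addresses are constructed from the RFC 5737 documentation ranges, and the class and function names are hypothetical; ports, source NAT and routing are not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass
class StatefulDnat:
    """One destination-NAT hop that remembers the sessions it translated."""
    name: str
    vips: dict                                     # virtual address -> real destination
    sessions: dict = field(default_factory=dict)   # (real dst, client) -> virtual address

    def forward(self, pkt):
        real = self.vips.get(pkt.dst)
        if real is None:
            return pkt                             # no mapping: passed unchanged
        self.sessions[(real, pkt.src)] = pkt.dst   # record state for the reply
        return Packet(pkt.src, real)

    def reply(self, pkt):
        vip = self.sessions.get((pkt.src, pkt.dst))
        if vip is None:
            return None                            # no matching session: not translated
        return Packet(vip, pkt.dst)                # restore the address the client used

def send(chain, pkt):
    """Vendor A -> Vendor B direction: apply each hop's translation in order."""
    for hop in chain:
        pkt = hop.forward(pkt)
    return pkt

def send_reply(chain, pkt):
    """Vendor B -> Vendor A direction: undo the translations in reverse order."""
    for hop in reversed(chain):
        pkt = hop.reply(pkt)
        if pkt is None:
            return None
    return pkt

# Constructed addresses (RFC 5737 documentation ranges), not taken from the post.
A_SERVER, A_NAT_ADDR = "192.0.2.10", "192.0.2.200"
OUR_VIP, B_ENDPOINT = "198.51.100.50", "203.0.113.20"

def build_chain():
    return [StatefulDnat("router", {A_NAT_ADDR: OUR_VIP}),
            StatefulDnat("firewall", {OUR_VIP: B_ENDPOINT})]

if __name__ == "__main__":
    chain = build_chain()
    print(send(chain, Packet(A_SERVER, A_NAT_ADDR)))
    print(send_reply(chain, Packet(B_ENDPOINT, A_SERVER)))
```

In this model a reply to a session opened from Vendor A's side is reverse-translated hop by hop, while a packet arriving from Vendor B with no matching session is not translated at all, so connections initiated from Vendor B would need their own mapping.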