Multiple tunnels to be NATed with NS5XP.

[niggy]

Hello,

I'm very new to Netscreen and thus have this question. Basically, I could do this with PIX but here we're using NS everywhere so that's why I'm asking.
We have several clients connecting to our NS5Xp and doing LAN-to-LAN tunnels. Then the clients access different resources on our netrwork. For them to be able to do this, each time we have a new client I have to add a route into my router.
So, I was thinking if NATing all the clients LANs to a network and then creating a single static route pointing to that NATed network would be possible.
What do you think?
Basically on PIX I could specify a "nat" and then "global" commands to nat all of the subnets to the one specified in global command.
I hope my question makes sense.
Thank you for your attention.
Nik

 

[shrubble]

I think that would work no problem. This is precisely why we don't route foreign(or public) addresses through our network as a matter of policy-- it gets messy. Everything that hits our network get NAT'ed to a private IP within the same subnet, with policies on our Netscreen 500's dictating which hosts they can communicate with or not. If you simply allowed all of those NAT's to communicate with "Any" (or a group), you could create a nice pass-through network.

"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."

-Shrubble