
NAT public IP address to private over VPN with PIX 515E

Status
Not open for further replies.

chinkle (IS-IT--Management; joined Sep 14, 2007; 3 messages; location: US)
Hi... This could get complicated, but I hope not. :)

I've got a DNS server that I want to move to a remote site, but because it serves the public I want to keep the same IP address (otherwise I have to change a bunch of hosted domains at the registrar, and I want to avoid that). The remote site is connected to the original site via site-to-site VPN between my PIX 515E and a Cisco 1812 router.

Right now I know I can take the external address, call it 222.111.222.3 and use NAT locally to our inside network of 10.10.10.3. The remote site uses addresses in a different subnet, and the server when it moves over there would get an address of 10.20.10.3, and would have a different external IP address of, say, 77.66.55.3. We have no problem talking between the 10.10.10.x and 10.20.10.x subnets over the VPN.

Is it possible to configure the PIX such that when it gets a request at 222.111.222.3 it translates it to use 10.20.10.3? Assuming we'd use a "static" NAT command, what interface would be used, since that subnet exists at the other end of a VPN connection? We tried "static (outside,outside) 222.111.222.3 10.20.10.3 netmask 255.255.255.255" and it worked inside our network, but not from a publicly routed address outside.

I'm sure the answer is out there, but I've been searching, and it seems I don't know how to phrase the question correctly. I appreciate any help you can give.

Thanks,
chinkle
 
Okay, I have to ask the obvious. Why in the world would you want to do this? I mean access to a DNS server across a VPN tunnel? Certainly you registered the domains using ns1.mydomain.com and ns2.mydomain.com, so you could merely change the IP associated with those nameservers.
 
I guess that assumes that the domains were registered with a named address for the DNS servers instead of their IP addresses... right? I wasn't sure I could comfortably make that assumption. Do the registrars always resolve those IP addresses and store the named addresses in case the numerical addresses change? I admit I don't know much about how the registrars work these days.

The other thing, although minor, is that we've got various clients that use the existing IP address in their network configurations.

I agree it's a very kludgy way of getting around the problem. If it's truly ill-advised, I'll take that under consideration and do it the Right Way. Perhaps this would be a good stop-gap measure, though, while the Right Way is implemented.
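For reference, an illustrative PIX-side configuration of the hairpin asked about in the opening post. This is an editor's example, not from any participant in the thread; it assumes PIX OS 7.x syntax (static (outside,outside) requires 7.0 or later), placeholder ACL names outside_access_in and outside_cryptomap, and the addresses used in the thread.

```text
! Added illustration, not from the thread. Assumes PIX OS 7.x syntax;
! the ACL names outside_access_in and outside_cryptomap are placeholders.
!
! 1. Let a packet that arrives on outside leave via outside again (into the tunnel).
same-security-traffic permit intra-interface
!
! 2. The public address of the DNS server maps to its new address at the remote site.
static (outside,outside) 222.111.222.3 10.20.10.3 netmask 255.255.255.255
!
! 3. Admit only DNS to the mapped address (on 7.x interface ACLs match the
!    mapped, i.e. public, address); nothing else reaches the host through this path.
access-list outside_access_in extended permit udp any host 222.111.222.3 eq domain
access-list outside_access_in extended permit tcp any host 222.111.222.3 eq domain
access-group outside_access_in in interface outside
!
! 4. Interesting traffic for the tunnel must cover Internet sources to the
!    real address, not only 10.10.10.0/24, because the crypto map sees the
!    untranslated packet. Keep the existing LAN-to-LAN entry as well.
access-list outside_cryptomap extended permit ip 10.10.10.0 255.255.255.0 10.20.10.0 255.255.255.0
access-list outside_cryptomap extended permit ip any host 10.20.10.3
!
! The 1812 at the remote site needs the mirror image ("permit ip host 10.20.10.3 any"
! in its crypto ACL) with that traffic excluded from the router's own NAT, so the
! server's replies to Internet clients return through the tunnel rather than
! leaving via 77.66.55.x in the clear.
```

Note that step 4 widens the tunnel's interesting-traffic definition to any Internet source for that one host, so the port 53 restriction in step 3 is what keeps the exposure to DNS only.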
 