Hi,
I'm about to start testing DNAT rules for connections from the pptp subnet.
What I want to achieve is this:
Our private LAN subnet is currently, say, 172.168.0.0/24.
We are planning to change this to 192.168.0.0/24 (don't ask why - long story).
In preparation for this, the LAN interface on the ASL box is 192.168.0.1 with an additional address/network added to this interface for 172.168.0.1 so machines can be easily migrated from one subnet to the other with little change to the configuration.
One issue with this is when it comes to road warrior access. When the IP addresses of important servers are altered, all the pptp clients will have to have their hosts files changed to reach the servers. Doing this all on one day is going to be trouble - especially as there are bound to be local issues with the subnet changes anyway.
What I think we should do is create DNAT rules for packets coming from the PPTP subnet (the default 10.59.125.0) so incoming connections to the old server IP addresses (172.168.0.x) are changed to the new IP addresses (192.168.0.y) - then we can address the individual hosts files at our leisure.
However, what is unclear is whether we need to set up associated SNAT rules for the packets returning from the local servers to the remote PPTP clients - changing the new IP addresses back to the old ones relating to the client hosts files. Or will the first DNAT rules do this automatically?
Thanks
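On a connection-tracking (stateful) NAT such as the netfilter stack that Linux-based firewalls like ASL are built on, a DNAT rule is enough: the firewall records the translation in its connection table when the first client-to-server packet arrives, and reply packets from the server are un-translated from that entry without any separate SNAT rule. The toy model below (added here as an illustration, not code from the original post or from the ASL product) shows why. It models a single DNAT rule for the PPTP subnet 10.59.125.0/24 hitting the old LAN 172.168.0.0/24, maps each host 1:1 onto 192.168.0.0/24, and translates replies purely from the tracked state; the `Packet` class, the `StatefulNat` class and the sample addresses are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Addresses taken from the post; all traffic below is constructed sample data.
PPTP_SUBNET = ipaddress.ip_network("10.59.125.0/24")
OLD_LAN = ipaddress.ip_network("172.168.0.0/24")
NEW_LAN = ipaddress.ip_network("192.168.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class StatefulNat:
    """Minimal model of a conntrack-style NAT (hypothetical, for illustration).

    One DNAT rule rewrites PPTP-client -> old-LAN packets to the new LAN.
    Replies are reversed from the connection table alone: no SNAT rule exists.
    """

    def __init__(self):
        # (proto, client_ip, client_port, translated_server_ip, server_port) -> original dst
        self.table = {}

    @staticmethod
    def _dnat_target(pkt):
        """Return the new-LAN address for a matching packet, else None."""
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        if src in PPTP_SUBNET and dst in OLD_LAN:
            # 1:1 mapping: keep the host part, swap the network part
            host_bits = int(dst) - int(OLD_LAN.network_address)
            return str(NEW_LAN.network_address + host_bits)
        return None

    def inbound(self, pkt):
        """Client -> server direction (the DNAT rule, PREROUTING)."""
        new_dst = self._dnat_target(pkt)
        if new_dst is None:
            return pkt  # rule does not match; packet is forwarded unchanged
        key = (pkt.proto, pkt.src, pkt.sport, new_dst, pkt.dport)
        self.table[key] = pkt.dst  # remember the address the client actually used
        return Packet(pkt.src, pkt.sport, new_dst, pkt.dport, pkt.proto)

    def reply(self, pkt):
        """Server -> client direction: reverse translation from tracked state only."""
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        orig_dst = self.table.get(key)
        if orig_dst is None:
            return pkt  # untracked flow: nothing to reverse (a real firewall would normally drop it)
        # The source is rewritten back to the old address the client's hosts file points at.
        return Packet(orig_dst, pkt.sport, pkt.dst, pkt.dport, pkt.proto)


def demo():
    """Run one client->server->client exchange and return (forwarded, reply) packets."""
    nat = StatefulNat()
    fwd = nat.inbound(Packet("10.59.125.7", 40000, "172.168.0.10", 445))
    rep = nat.reply(Packet(fwd.dst, 445, "10.59.125.7", 40000))
    return fwd, rep


if __name__ == "__main__":
    forwarded, reply = demo()
    print("to server:", forwarded)   # dst rewritten to 192.168.0.10
    print("to client:", reply)       # src rewritten back to 172.168.0.10
```

For the real rule set, the equivalent of `_dnat_target` is a single 1:1 subnet mapping in the nat table, for example `iptables -t nat -A PREROUTING -s 10.59.125.0/24 -d 172.168.0.0/24 -j NETMAP --to 192.168.0.0/24` (a generic netfilter example, not an ASL-specific configuration); the reverse translation of replies is performed by conntrack, as in `reply()` above. Two caveats worth checking before relying on this: the servers must still route their replies back through the firewall rather than directly to the client, and any protocol that embeds IP addresses in its payload will show the new address to the client regardless of the NAT rule.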
This thread was automatically locked due to age.