This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT Rule within 2 LAN segments

Hi.

I wonder how to do following NAT rule:

Target IP: 10.1.1.30
Port: 3389
Gateway: 10.1.2.2 (ISA Server Firewall)

Source IP (SSL VPN): 10.73.202.0
Source Port: 3389

Because I can only reach 10.1.2.0 segment via SSL VPN, i need a "man in the middle", like 10.1.2.132 for accessing the target.

10.1.2.132 is not a host, only a "virtual" ip for NATing.

How can I configure this out?

Thanks

This thread was automatically locked due to age.

Parents

0 xandrosx over 17 years ago

Why is the gateway 10.1.2.x to get to a network 10.1.1.x ?

It would be simple enough to NAT from the gateway of the VPN to the Network if the Interface of the Destination Network Hangs of the Astaro Gateway.. However where does the ISA come into this? where is the Astaro Box?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 xandrosx over 17 years ago

Why is the gateway 10.1.2.x to get to a network 10.1.1.x ?

It would be simple enough to NAT from the gateway of the VPN to the Network if the Interface of the Destination Network Hangs of the Astaro Gateway.. However where does the ISA come into this? where is the Astaro Box?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 17 years ago in reply to xandrosx

I'm not sure I understand what traffic you are trying to get from where to where, but here are several ideas.

One trick is to create an additional IP on the internal interface, then use a SNAT to make the traffic appear to come from there.

Or, perhaps you could just change the subnet mask for the Internal (Network) definition to 10.1.0.0/22 instead.

With the advent of the option to have VPN IPs assigned by your normal network DHCP server, there's an easier, more elegant solution, as no phantom interface or SNAT is needed - the VPN tunnel is already on the internal subnet.
Cancel
Vote Up 0 Vote Down

Cancel