This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mapping external static IP to VPN IP for HTTP

I am trying to map an external static IP address to an internal VPN IP address.

Here is the idea I had in mind

ExtIP --> FW (192.168.0.1) ---> Local Net --> Host (.5)

ExtIP --> FW (192.168.0.1) ---> VPN --> Host (172.16.0.50)

This would allow me to set an external IP in DNS and have it mapped to a machine which is on VPN.

When I create an additional IP on the external interface and create a DNAT rule forwarding all traffic to this IP to 172.16.0.50 I can't get this to work. This does work if I use the 192.168.0.5 address but not the other. I can see the 172 address from 192 hosts and can ping the 172 host from the FW, if I explictily specify the 192.168.0.1 interface (-I 192.168.0.1) but no traffic seems to be crossing correctly for the VPN connection. I am lost. Does anyone know how to tell the FW to map to an external VPN address or is there another way of doing it?

Astaro 4.025

Thanks
Steven

This thread was automatically locked due to age.

Parents

0 ReD-MaN over 21 years ago

Well, you either have to have one end of the vpn tunnel defined as 0.0.0.0 (any) for the local network, and have ALL traffic flow over the vpn, OR you need to SNAT ANY to VPNHTTPIP change source to FWINTERNALIF.

However, if you do the SNAT, the webserver will see ALL traffic as coming from the internalinterface of the FW, not the real original ip addy.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ReD-MaN over 21 years ago

Well, you either have to have one end of the vpn tunnel defined as 0.0.0.0 (any) for the local network, and have ALL traffic flow over the vpn, OR you need to SNAT ANY to VPNHTTPIP change source to FWINTERNALIF.

However, if you do the SNAT, the webserver will see ALL traffic as coming from the internalinterface of the FW, not the real original ip addy.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data