Firewall Wizards mailing list archives
incoming NAT/PATs for VPN users
From: "Brian Loe" <knobdy () gmail com>
Date: Fri, 9 Feb 2007 15:50:13 -0600
Lets say company A has a customer, company B. Company A needs to provide access to several (lets say many) resources within its network to a thousand or so employees at company B. Seems to me that you could simply PAT all of company B's connections when they arrive and the magic of networking should get them routed to the resources you've allowed them and back without any problem. Is there something I'm missing here? Is an incoming PAT not available on, for instance, an ASA? What about a PIX at 6.x or 7.x? What about incoming NAT pools for over a thousand possible users? Anything change if they're physically coming in on a DMZ port as opposed to the outside port - and needing access to resources in another, lower DMZ port (don't ask why a VPN customer would be trusted more than company A's web servers, that's just how it is in this virtual company)? I know we're not alone in providing VPN access to customers but I'm virtually convinced everyone else is doing it better. I'm just hunting real world examples of the "right way" of doing it. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- incoming NAT/PATs for VPN users Brian Loe (Feb 12)
- Re: incoming NAT/PATs for VPN users Josh (Feb 14)
- Re: incoming NAT/PATs for VPN users Brian Loe (Feb 16)
- Re: incoming NAT/PATs for VPN users James (Feb 17)
- Re: incoming NAT/PATs for VPN users kevin horvath (Feb 17)
- Re: incoming NAT/PATs for VPN users Josh (Feb 14)