On our network, we are hiding DHCP clients behind the firewall's external IP. For the servers and some clients with fixed IPs, we static NAT them to their own external IP address for outside access, etc.

We also use a VPN client (made by Nortel) that uses IPsec authentication to connect to the ISP for uploading files to the production website.

The rules that allow this kind of traffic are as follows:
SOURCE                        DESTINATION   SERVICE
LOCAL-NET (internal network)  ANY           ANY
ISP EXTRANET SWITCH IP        ANY           IPSEC
Authentication succeeds only if the client is not being hidden behind the firewall's external IP, meaning it will work only for the statically NATed clients behind their own public IP. It looks like it will only authenticate one-to-one static NATed clients and not many-to-one.

I hope I am making sense. Can someone please explain why authentication works only for static NATed clients and not for those behind the firewall's external IP?

Thanks in advance.
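The behaviour described in the post is the classic ESP-through-NAT problem: many-to-one (hide) NAT demultiplexes return traffic by translated transport port, and ESP (IP protocol 50) has no ports, whereas one-to-one static NAT maps by IP address alone. The toy NAT model below is an added illustration, not code from the post or from any firewall product; all IP addresses are constructed (documentation ranges), and the hide NAT is deliberately simplified to port-based matching only (real firewalls may track a single ESP flow by SPI, and IPsec NAT-Traversal over UDP 4500 exists precisely to restore ports).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "esp"
    src: str
    dst: str
    sport: Optional[int] = None   # None for ESP: it carries no transport ports
    dport: Optional[int] = None

class HideNat:
    """Many-to-one NAT: all inner hosts share one public IP; replies are
    matched on the translated source port, which ESP does not have."""
    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.table = {}           # (proto, public_port) -> (inner_ip, inner_port)
        self.next_port = 40000
    def outbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.sport is None:     # nothing to rewrite, so replies cannot be demultiplexed
            return None
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.proto, pub_port)] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, self.public_ip, pkt.dst, pub_port, pkt.dport)
    def inbound(self, pkt: Packet) -> Optional[Packet]:
        inner = self.table.get((pkt.proto, pkt.dport))
        if inner is None:         # no port mapping: unknown inner host, drop
            return None
        return Packet(pkt.proto, pkt.src, inner[0], pkt.sport, inner[1])

class StaticNat:
    """One-to-one NAT: each inner host owns a public IP, so replies are matched
    on destination IP alone; ports (or their absence) do not matter."""
    def __init__(self, mapping: dict):
        self.mapping = mapping                       # inner_ip -> public_ip
        self.reverse = {pub: inner for inner, pub in mapping.items()}
    def outbound(self, pkt: Packet) -> Packet:
        return Packet(pkt.proto, self.mapping[pkt.src], pkt.dst, pkt.sport, pkt.dport)
    def inbound(self, pkt: Packet) -> Optional[Packet]:
        inner = self.reverse.get(pkt.dst)
        if inner is None:
            return None
        return Packet(pkt.proto, pkt.src, inner, pkt.sport, pkt.dport)

def esp_round_trip(nat, inner_ip: str, gateway_ip: str) -> bool:
    """Send one ESP packet to the VPN gateway and check whether its reply
    can be delivered back to the originating inner host."""
    out = nat.outbound(Packet("esp", inner_ip, gateway_ip))
    if out is None:
        return False
    back = nat.inbound(Packet("esp", gateway_ip, out.src))   # gateway replies to what it saw
    return back is not None and back.dst == inner_ip
```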