
[FW-1] failover with NATting



Hey guys,
 
I have an interesting proposal that I am working on for a client of mine. Please see the sample diagram at:
 
 
Here is the scenario. I am trying to design a cheap failover solution. The customer does not want to pay for a full T-1 or even a frac, so BGP is out of the question with any DSL provider.
 
As you can see from the diagram, the external router will be doing all the work as far as NATing the UUnet IP addresses to the DSL provider's addressing scheme. I have a couple of concerns:
 
1. The customer has a HIDE NAT for the internal network (hides them behind the firewall address). So when I have a static route on the DSL router to point to the NATed address of the firewall back to the UUnet router, will all the HIDE NATs work? I am not so concerned with all the static NATs - that should be ok.
 
2. Second question involves IKE negotiation. If the remote firewall is set up to negotiate with the actual IP address of the NY firewall and also the NATted address (in case UUnet is down), will the negotiation work? I know someone who is doing this with the Cisco VPN solution.
 
3. Thirdly and probably not lastly - how do I accomplish what I was talking about in #2 as far as setting up on the remote firewall to establish tunnels with both (the physical IP address of the firewall as well as the NATed)? If I create another Firewall Object with the NATed IP address of the firewall - I think that should work... right?
 
Thanks for any help, Eugene B


 
   All contents © 2004 Network Presence, LLC. All rights reserved.