Hey guys,
I have an interesting proposal that I am working on
for a client of mine. Please see the sample diagram at:
Here is the scenario. I am trying to design a cheap
failover solution. The customer does not want to pay for a full T-1 or even a
frac, so BGP is out of the question with any DSL provider.
As you can see from the diagram the external router
will be doing all the work as far as NATing the UUnet ip addresses to the DSL
provider's addressing scheme. I have a couple of concerns:
1. The customer has a HIDE NAT for the internal
network (hides them behind the firewall address). So when I have a static route
on the DSL router to point to the NATed address of the firewall back to the
UUnet router, will all the HIDE NATs work? I am not so concerned with all the
static NATs - that should be ok.
2. Second question involves IKE negotiation. If the
remote firewall is set up to negotiate with the actual IP address of the NY
firewall and also the NATted address (in case UUnet is down), will the
negotiation work? I know someone who is doing this with the Cisco VPN
solution.
3. Thirdly and probably not lastly - How do I
accomplish what I was talking about in #2 as far as setting up the remote
firewall to establish tunnels with both (the physical IP address of the firewall
as well as the NATed one)? If I create another Firewall Object with the NATed IP
address of the firewall, I think that should work...right?
Thanks for any help, Eugene B