Thread: NATing src & dst for site-to-site AND SecureClient
View Single Post
  #3 (permalink)  
Old 2007-03-12
MarioL MarioL is offline
Senior Member
  
Join Date: 2007-01-18
Location: London
Posts: 375
Rep Power: 2
MarioL has an average reputation (10+)
Default Re: NATing src & dst for site-to-site AND SecureClient
There is something you can try. Edit your firewall properties, go to the "Remote Access" tab.

If you can check the Hub Mode Configuration, that means that all traffic will be forced down to the firewall. This would mean that traffic to the 99.99.99.99 server would also come through the client-to-site VPN. From there it would go back into the site-to-site VPN.

You would need to NAT the SR connections with the Hide NAT too, so you might need to change your NAT rule to be:
Internal+IP pool | 99.99.99.99 | any | Hide IP | = | =

Important note: Hub mode means all SR traffic comes to the firewall, it may not be ideal for you... this means they will access the web via the firewall, etc.

If that isn't acceptable, then you can do the NAT thing you mention.
Reply With Quote