Re: B2B VPNs and NAT to Public IPs

You have a huge error:

> Based upon the above configuration, the 10.1.1.1 and 10.1.1.2 computers on my internal network would then be able to FTP to the 10.1.1.1 computer on the XYZ side of the VPN tunnel by means of the 330.22.22.1 address. ...

You are forgetting to NAT your addresses going out. This is necessary; otherwise the receiver will see the packet as coming from itself. That is to say, when your host sends it out the packet will be Src: 10.1.1.1, Dst: 330.22.22.1, while the receiver will see Src: 10.1.1.1, Dst: 10.1.1.1. This won't work because it can't send traffic back, since it thinks the packets are coming from itself (or, more strictly, spoofed, coming in on the Ethernet interface instead of from the kernel).

You have to NAT your network too. Once you do that, it should work no problem.
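The address collision described in the reply above, as an added example that is not part of the original post: a small Python model of the two gateways that traces a request and its reply with and without source NAT on the sending side. The `Gateway` class, the function names and the 203.0.113.x outside addresses are assumptions made for illustration; the model also goes slightly beyond the post by covering the 10.1.1.2 client, whose reply would stay on the XYZ LAN.

```python
from dataclasses import dataclass

LAN_PREFIX = "10.1.1."   # both sites use the same inside range, per the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Gateway:
    """VPN gateway with static 1:1 NAT (inside address <-> outside address)."""
    def __init__(self, static_nat):
        self.to_outside = dict(static_nat)
        self.to_inside = {out: ins for ins, out in static_nat.items()}

    def outbound(self, pkt):   # source NAT when leaving the site
        return Packet(self.to_outside.get(pkt.src, pkt.src), pkt.dst)

    def inbound(self, pkt):    # destination NAT when entering the site
        return Packet(pkt.src, self.to_inside.get(pkt.dst, pkt.dst))

def cross_tunnel(pkt, sender_gw, receiver_gw):
    return receiver_gw.inbound(sender_gw.outbound(pkt))

def round_trip(client, server_public, my_gw, xyz_gw):
    """Return (request as the XYZ host sees it, reply as the client sees it or None)."""
    request = cross_tunnel(Packet(client, server_public), my_gw, xyz_gw)
    # The XYZ host cannot answer a source that is itself or on its own LAN:
    # the reply would never be routed back into the tunnel.
    if request.src.startswith(LAN_PREFIX):
        return request, None
    reply = cross_tunnel(Packet(request.dst, request.src), xyz_gw, my_gw)
    return request, reply

# 330.22.22.1 is the thread's own address; the 203.0.113.x values are constructed.
XYZ_GW = Gateway({"10.1.1.1": "330.22.22.1"})
MY_GW_NO_NAT = Gateway({})
MY_GW_NAT = Gateway({"10.1.1.1": "203.0.113.1", "10.1.1.2": "203.0.113.2"})

if __name__ == "__main__":
    for label, gw in (("no source NAT", MY_GW_NO_NAT), ("source NAT", MY_GW_NAT)):
        for client in ("10.1.1.1", "10.1.1.2"):
            print(label, client, round_trip(client, "330.22.22.1", gw, XYZ_GW))
```

With source NAT on both sides, each host only ever sees the other site's outside address, so the overlapping 10.1.1.x ranges never meet.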