Re: [fw-wiz] incoming NAT/PATs for VPN users



You can do this with 7.x, I know (PIX and ASA). Pretty sure you can on
6.x also, but don't hold me to that.


Brian Loe wrote:
Let's say company A has a customer, company B. Company A needs to
provide access to several (let's say many) resources within its network
to a thousand or so employees at company B. Seems to me that you could
simply PAT all of company B's connections when they arrive and the
magic of networking should get them routed to the resources you've
allowed them and back without any problem. Is there something I'm
missing here?

Is an incoming PAT not available on, for instance, an ASA? What about
a PIX at 6.x or 7.x? What about incoming NAT pools for over a thousand
possible users? Anything change if they're physically coming in on a
DMZ port as opposed to the outside port - and needing access to
resources in another, lower DMZ port (don't ask why a VPN customer
would be trusted more than company A's web servers, that's just how it
is in this virtual company)?

I know we're not alone in providing VPN access to customers but I'm
virtually convinced everyone else is doing it better. I'm just hunting
real world examples of the "right way" of doing it.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards






