cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
226
Views
0
Helpful
2
Replies
tonycerv1
Beginner

Changing Source Address

Hello and thanks for any help, this is my issue:

We have a business partner with their own separate internal network structure and address block. This partner sends packets to us which we advance on to our clients through various VPN tunnels and then back through us to our partner in response from the clients.

We're looking to keep our partner's source addresses out of the equation and make it appear as though all packets are originating from our own internal address space when they're received by our clients. But we obviously also need packets to be returned through the exact same route back to our partner. Is there any kind of translation we can build or relationship we can create between our partner's addresses and our own to allow this?

And if so, will there be any issues between our firewall and the clients' firewalls as far as packets being blocked because their source addresses have been changed or between our firewalls and the partner's firewalls on the way back?

2 REPLIES 2
rais
Rising star

You should be able to NAT your partner's IP space right at the firewall.

HTH.

I did a bad job of framing the question because neither the partner nor the client are to have knowledge of the other's address space:

So let's just say a user at Partner has source IP of 10.0.0.1, destination IP of 172.22.0.1 (our internal address) and a user at Client will send back source IP of 192.168.0.1, destination IP of 172.22.1.1 (our internal address).

I'm trying to figure out if there is a way for us to associate/translate 172.22.0.1 with 192.168.0.1 when we get the packet from Partner so we can send it to Client, and then vice versa to associate/translate 172.22.1.1 with 10.0.0.1 when we get it from Client to send it back to Partner. Kind of like we're a middle-man, IP spoofing liason between the two.

I hope that makes more sense, it's probably not possible anyway.