05-16-2002 06:50 AM - edited 02-21-2020 11:45 AM
Hi,
While VPNs are great for remote access to corporate networks, NAT seems to kill Windows authentication and domain trusts. So I was wondering if it is possible to configure a Router to Router (8 separate locations and 8 separate 1720s in my case) VPN and, instead of having internet access set up via NAT on each router in each location, have each router "route" internet access through the VPN tunnel to one central router that is configured with NAT. That way a VPN could act like a point to point connection and allow me to centralize Windows logons and management.
Thank you
Jon Cleek
05-23-2002 05:51 AM
It is possible, but depending on your traffic levels you are going to be taxing the central 1720, and creating a possible bandwidth bottleneck.
05-24-2002 10:21 AM
Thanks for the response. Now for my next question: how do I configure the remote routers to route all traffic through the VPN, and is there anything special I need to do to the central router to get NAT to work correctly?
05-29-2002 08:29 PM
I am not sure I understand your question, but we don't use NAT at our remote facilities. The remote facilities all have 172.16.x.x addresses, which are NAT 0 in the PIX 501 at the remote site and pulled into the tunnel, and pop out at the central location still 172.16.x.x. No NATing is done. The remote devices therefore don't have direct access to the internet, which is also what we want.
No split tunnel.
It takes some planning and if you have a legacy network you might not be able to address things like this. In that case I suggest you contact Jack Daniels.