[isapros] Re: VPN: Nat or Route?
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Sat, 22 Jul 2006 17:02:08 -0700
The decision to route or NAT isn't ever clear-cut.
1. If you need domain association between siteA and siteB, you
*cannot* use NAT
2. If you cannot alter the routing structure at siteA or siteB,
you *cannot* use route
In order for a route relationship to function properly, both ends of the
test *must* use each end of the VPN chain as a router to the other side.
The other thing to remember is that ISA NAT isn't symmetrical.
IOW, hosts in "local" have to access hosts in "remote" by using a remote
ISA external IP and there must be one IP for every "remote" host.
Jim Harrison
jim@xxxxxxxxxxxx
www.isatools.org
Sent using Vista Beta 2 and Office 12 Beta 2 (aincha jealous?)
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Saturday, July 22, 2006 5:57 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] VPN: Nat or Route?
When creating a site-to-site VPN how do I know whether to choose Route
or NAT?
Here's the current situation I'm working with. Need to setup
site-to-site VPN. The remote site houses an accounting package. The
local site runs a Telnet window to access it. There are multiple users
at the local site that will be using this app. The remote site needs to
be able to LPR print to the local site.
Using Route, the server can ping through to the remote network but the
workstations can't. Remote site can print. Local site can't access the
app.
Using NAT, workstations can ping through to the remote network and run
the app. But the remote site can't print to the local site.
Thanks,
Amy
All mail to and from this domain is GFI-scanned.
Other related posts:
