You can do this with 7.x I know ( pix and ASA ). Pretty sure you can on
6.x also but don't hold me to that.
Brian Loe wrote:
> Lets say company A has a customer, company B. Company A needs to
> provide access to several (lets say many) resources within its network
> to a thousand or so employees at company B. Seems to me that you could
> simply PAT all of company B's connections when they arrive and the
> magic of networking should get them routed to the resources you've
> allowed them and back without any problem. Is there something I'm
> missing here?
>
> Is an incoming PAT not available on, for instance, an ASA? What about
> a PIX at 6.x or 7.x? What about incoming NAT pools for over a thousand
> possible users? Anything change if they're physically coming in on a
> DMZ port as opposed to the outside port - and needing access to
> resources in another, lower DMZ port (don't ask why a VPN customer
> would be trusted more than company A's web servers, that's just how it
> is in this virtual company)?
>
> I know we're not alone in providing VPN access to customers but I'm
> virtually convinced everyone else is doing it better. I'm just hunting
> real world examples of the "right way" of doing it.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|