Tuesday, November 7, 2017

Need some help routing to a new network

Hi everyone. Sorry, my brain is a little fried; we just had our second daughter yesterday :)

We recently bought another branch, and I’ve been tasked with setting up connectivity “like yesterday”. I programmed a Peplink router to establish a site-to-site VPN and shipped it over. We’re connected now and I can reach their network. Trouble is, our final destination is a network where we need to sign a bunch of paperwork before they’ll change the ACLs. This is all being done, but in the meantime we still need access to fix up a bunch of problems they’re having.

Soooo... what I need to do is NAT all traffic from HQ such that the network behind the branch sees all HQ traffic as an IP from the branch, and lets it through.

The Peplink only allows NAT on the WAN interfaces, so what I had originally planned to do was program a WAN Interface with a LAN IP, and hook it up to the LAN. The VPN would establish, and we could make a NAT rule that any traffic from HQ NATs out of the “WAN” address. This would work, however I can’t make a static route on a WAN interface on the Peplink, so I have no way to push the traffic to our final destination network after it’s been NATed.

I’m thinking I need yet another router on site, hopefully a VM I could spin up on someone’s computer. I would configure it as a router on a stick. I’ll do a static route pointing traffic for the final destination network to this router, which would NAT the traffic and make it appear as the router’s IP instead, which is on a network that is allowed through the ACLs.

Anyone have any better ideas? If not, is there something like Vyatta still around that might be able to accomplish this in a VM I could spin up in VirtualBox on a client PC for now?

Thank you all
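One way to build the router-on-a-stick NAT box described above in a VM is VyOS, the maintained fork of Vyatta. The configuration below is an added example, not from the original post or the author's setup: every address and the topology (an existing branch gateway at 192.168.50.1 that reaches the final destination network, the branch Peplink's LAN side at 192.168.50.2, the VM at 192.168.50.250) are assumed placeholders, and VyOS 1.3 configuration syntax is assumed.

```vyos
# Assumed placeholder topology (not from the original post):
#   HQ LAN                 10.10.0.0/16     reached over the VPN via the branch Peplink
#   branch LAN             192.168.50.0/24
#   branch gateway         192.168.50.1     existing router that can reach the destination
#   branch Peplink LAN IP  192.168.50.2
#   this VM                192.168.50.250   the address the destination ACLs already allow
#   final destination      172.16.0.0/16
set interfaces ethernet eth0 address '192.168.50.250/24'
set interfaces ethernet eth0 description 'router-on-a-stick on the branch LAN'

# Forward HQ traffic toward the destination via the branch gateway,
# and send replies for HQ back through the Peplink (VPN), not the gateway.
set protocols static route 172.16.0.0/16 next-hop 192.168.50.1
set protocols static route 10.10.0.0/16 next-hop 192.168.50.2

# Translate only HQ -> destination flows; everything else passes untouched,
# so the VM does not become a general-purpose NAT for the branch LAN.
set nat source rule 10 description 'Hide HQ behind branch LAN address until ACLs are updated'
set nat source rule 10 source address '10.10.0.0/16'
set nat source rule 10 destination address '172.16.0.0/16'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 translation address '192.168.50.250'

# In operational mode, 'show nat source translations' lists which HQ host is
# behind each flow, so events logged on the destination side can still be
# traced back to a real source instead of stopping at the VM's address.
```

The branch Peplink still needs a static route for 172.16.0.0/16 pointing at 192.168.50.250 so HQ traffic arriving over the VPN is handed to the VM; since the VM's own route for that network goes to 192.168.50.1 rather than back to the Peplink, the NATed packets do not loop.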
