Wednesday, December 12, 2018

How to Handle Overlap/NAT/Firewall Between Two Enterprises

I need some suggestions on how to handle interconnectivity between two very large enterprises. Both companies are using most of the RFC-1918 address space and have an MPLS connection between their two data centres. The plan at this point is to use RFC-6598 addresses for NAT, but the problem is that both organizations are too large to be doing 1:1 NAT. We are presently looking at F5 or Netscaler to do DNS rewrite.

What we want to achieve is this: USER-A from ABC needs to access a resource at XYZ, say server1.xyz.com. USER-A sends a DNS query to dns.abc.com. Then dns.abc.com forwards the query to something (F5, Netscaler, other?), which then forwards the request to dns.xyz.com. The result for server1.xyz.com is 10.1.1.1. When the F5/Netscaler/other receives the result, it rewrites the IP to 100.64.1.1 and sends that result back to USER-A. I am pretty sure this is possible; if so, what should I be googling for more info?

Now the harder part: how can the firewalls allow traffic for the new translated IP addresses if we are doing this dynamically and not 1:1 NAT? Presently there is a mix of ASA, FTD, and Palo Alto available.

Does anyone have other ideas or suggestions on how to achieve the desired end result? Thanks in advance to anyone who takes the time to respond.
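As an added example (not part of the original post, and not F5 or Netscaler code), here is the rewrite step of the scheme described above modelled in Python: a forwarder receives dns.xyz.com's reply, leases one address from an RFC 6598 pool per real RFC 1918 address it sees in an A record, rewrites the record in the wire-format message, and clamps the TTL so a client cannot cache the translated answer past the life of the NAT lease. The real ranges (all of RFC 1918), the pool (100.64.1.0/24), the 300-second lease, the server names and the DNS reply bytes are all constructed assumptions; the actual UDP forwarding to dns.xyz.com is left out. The `nat_table()` output is the set of rows the NAT device and the firewalls on both sides have to agree on, which is the "harder part" of the question.

```python
import ipaddress
import struct
import time
from collections import deque

# Assumptions for this example (not from the post): the remote enterprise's real
# addresses may be anywhere in RFC 1918, and the translated pool is one /24
# carved out of the RFC 6598 shared address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
POOL = ipaddress.ip_network("100.64.1.0/24")

TYPE_A, CLASS_IN = 1, 1


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def _iter_rrs(msg):
    """Yield (rr_offset, type, class, ttl, rdlength, rdata_offset) for every RR."""
    qdcount, ancount, nscount, arcount = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(msg, off)      # off now points at TYPE
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        yield off, rtype, rclass, ttl, rdlen, off + 10
        off += 10 + rdlen


def a_records(msg):
    """List (ttl, address) for the A records in a response; used to inspect results."""
    return [(ttl, str(ipaddress.IPv4Address(bytes(msg[rd:rd + 4]))))
            for _, t, c, ttl, rdlen, rd in _iter_rrs(msg)
            if t == TYPE_A and c == CLASS_IN and rdlen == 4]


def build_a_response(qname, addresses, ttl):
    """Constructed test input: a standard response with one A record per address."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, len(addresses), 0, 0)
    question = name + struct.pack("!HH", TYPE_A, CLASS_IN)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)  # name = pointer to question
        + ipaddress.IPv4Address(a).packed
        for a in addresses)
    return header + question + answers


class DnsNatRewriter:
    """Rewrites A records from the remote real ranges into a dynamic NAT pool.

    One pool address is leased per real address; the same real address keeps
    the same pool address while its lease lives, and the DNS TTL is clamped to
    the lease so clients cannot cache a translation that no longer exists.
    """

    def __init__(self, real_nets, pool_net, lease_seconds=300, clock=time.time):
        self.real_nets = real_nets
        self.free = deque(pool_net.hosts())
        self.lease_seconds = lease_seconds
        self.clock = clock
        self.leases = {}                # real IPv4Address -> [pool IPv4Address, expiry]

    def _expire(self, now):
        for real, (pool_ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[real]
                self.free.append(pool_ip)   # back of the queue: released addresses are reused last

    def translate(self, real):
        now = self.clock()
        self._expire(now)
        lease = self.leases.get(real)
        if lease is None:
            if not self.free:
                raise RuntimeError("NAT pool exhausted; widen the RFC 6598 pool")
            lease = self.leases[real] = [self.free.popleft(), 0.0]
        lease[1] = now + self.lease_seconds  # every lookup refreshes the lease
        return lease[0]

    def rewrite_response(self, msg):
        buf = bytearray(msg)
        for off, rtype, rclass, ttl, rdlen, rd in _iter_rrs(buf):
            if rtype != TYPE_A or rclass != CLASS_IN or rdlen != 4:
                continue
            real = ipaddress.IPv4Address(bytes(buf[rd:rd + 4]))
            if any(real in net for net in self.real_nets):
                buf[rd:rd + 4] = self.translate(real).packed
                struct.pack_into("!I", buf, off + 4, min(ttl, self.lease_seconds))  # TTL sits after TYPE+CLASS
        return bytes(buf)

    def nat_table(self):
        """Current translations: the rows the NAT device and the firewalls must agree on."""
        return sorted((str(r), str(p)) for r, (p, _) in self.leases.items())


if __name__ == "__main__":
    clock = [1000.0]
    rw = DnsNatRewriter(RFC1918, POOL, lease_seconds=300, clock=lambda: clock[0])
    reply = build_a_response("server1.xyz.com", ["10.1.1.1", "192.168.5.5"], ttl=3600)
    print("from dns.xyz.com:", a_records(reply))
    print("to USER-A       :", a_records(rw.rewrite_response(reply)))
    print("NAT table       :", rw.nat_table())
```

Two design points matter for the firewall question. First, the firewall rules on both sides can be written against the whole pool object (here 100.64.1.0/24) rather than per host, while only the NAT device needs the per-host rows from `nat_table()`; that is what makes dynamic allocation workable without a 1:1 ruleset. Second, released pool addresses go to the back of the free queue and the DNS TTL never exceeds the lease, so a client that cached an old answer is unlikely to be sent to an address that has since been handed to a different server.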
