You can do this with 7.x I know ( pix and ASA ). Pretty sure you can on
6.x also but don't hold me to that.

Brian Loe wrote:
> Lets say company A has a customer, company B. Company A needs to
> provide access to several (lets say many) resources within its network
> to a thousand or so employees at company B. Seems to me that you could
> simply PAT all of company B's connections when they arrive and the
> magic of networking should get them routed to the resources you've
> allowed them and back without any problem. Is there something I'm
> missing here?
> Is an incoming PAT not available on, for instance, an ASA? What about
> a PIX at 6.x or 7.x? What about incoming NAT pools for over a thousand
> possible users? Anything change if they're physically coming in on a
> DMZ port as opposed to the outside port - and needing access to
> resources in another, lower DMZ port (don't ask why a VPN customer
> would be trusted more than company A's web servers, that's just how it
> is in this virtual company)?
> I know we're not alone in providing VPN access to customers but I'm
> virtually convinced everyone else is doing it better. I'm just hunting
> real world examples of the "right way" of doing it.
> _______________________________________________
> firewall-wizards mailing list

firewall-wizards mailing list