Why don't you combine NAT with 2 or 3 extra IPs in a DMZ?
The road from 1 to 2 would look like this.
c1 ---- NAT--FW------ vpn ------FW--dmz- IP1 / ip2 / ip3 -dmz--- nat --- c2
10.x packet dest ip1/2/3 say 25.x
>
25.x server maps share/port/server to internal ip 10.x
The DMZ IPs can map internal c2 servers with shares, caching/forwarding
mail servers etc.
Just a braindump, maybe tunable. #;-)
Cheers, Martijn
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html