Internal lab with NAT

jadams

I need to set up a test lab for our software that involves some of the components traversing NAT and/or connecting through VPN.

Setting that all up is the easy part. But if the lab components have to traverse NAT to get to some of the servers, it means I will too.

The basic layout will be:

test customer site <------>pfsense <-----(simulated WAN)-----> pfsense <----> test internal network.

The pfsense's are used simply because I can virtualize it and there needs to be some sort of NAT going on. This is probably the easiest way to achieve that.

Now, with the sites at both ends hanging out behind NAT, what's the best way I can access these machines? I'd rather NOT use vSphere to access them, but I realize if all else fails I may have to.

Thanks.
 
So you need the test site to be able to communicate with the test internal network? Could you not just create a VPN tunnel?
 
Yeah, getting the two sites to talk to each other isn't really the problem. I assumed a VPN tunnel between the two.

My problem exists when I will need to access these systems from within our normal network.
 
Unless someone can come up with a better way, I've concluded I'm going to have to add an interface to each of the pfsense routers that will offer me a route past both NATs.

I'll need firewall rules on both pfsense preventing any traffic at all from getting OUT those interfaces as well. I need the PCs behind them to not inadvertently take a route around the WANs, bypassing the NAT. The communication MUST go through the NAT, otherwise it's not simulating what we need the lab for.
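
The management-interface idea in the post above, sketched as an added example in pf.conf syntax (pf is the packet filter underneath pfSense, where equivalent rules would be entered through the GUI); it is not part of the original thread. Interface names, subnets and the SSH/RDP ports are assumptions chosen for illustration.

```pf
# Added example: all names and addresses below are constructed assumptions.
wan_if    = "em0"               # simulated WAN, the only place NAT happens
lan_if    = "em1"               # lab hosts behind this router
mgmt_if   = "em2"               # extra interface toward the normal network
lab_net   = "192.168.10.0/24"   # lab hosts
admin_net = "10.0.50.0/24"      # normal (office) network

set skip on lo0

# Translate lab traffic on the simulated WAN only. Nothing is translated on
# the management interface, so a lab host that got out that way would be
# bypassing the NAT path the lab exists to test.
nat on $wan_if inet from $lab_net to any -> ($wan_if)

# Default deny, logged so unexpected paths show up during testing.
block log all

# Path under test: lab hosts -> simulated WAN, source rewritten by the nat rule.
pass in  on $lan_if inet from $lab_net to any keep state
pass out on $wan_if inet from ($wan_if) to any keep state

# Admin access: connections opened FROM the normal network TO lab hosts.
# A forwarded packet is filtered twice (in on mgmt_if, out on lan_if), so
# both crossings need a pass rule. Replies match the resulting states.
pass in  on $mgmt_if inet proto tcp from $admin_net to $lab_net \
    port { 22, 3389 } keep state
pass out on $lan_if  inet proto tcp from $admin_net to $lab_net \
    port { 22, 3389 } keep state

# The router has a connected route to admin_net via mgmt_if, so lab-initiated
# traffic to that network would otherwise leave here untranslated. Replies to
# admin sessions are not affected: they match existing state and never reach
# this rule.
block out log quick on $mgmt_if inet from $lab_net to any
```

With rules like these, anything logged by the last rule is a lab host trying to route around the simulated WAN.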
 
Couldn't you just add another NIC in your computer and tie that to a Virtual Machine? And have your production OS use your primary NIC on the existing network? If you are the only one that is worried about the effect.
 
OK so if I have this right you want to have a test site in your lab on its own network. This will be a VPN to your other site. And you want to be able to remote in from your computer to the lab with your computer on a third and existing network?

If that's the case run two VPN tunnels at the lab, one for the other site and one for you. Then configure your router to VPN. Or if your router has VPN user administration use that and VPN tunnel from your machine to the router.

Or if you are dead set on your way just do it.
 