I have a bit of a special requirement which I am thinking of achieving with RRAS 2008 R2.
Requirement:
We are operating a Class C supernet 192.168.0.0/21 within our LAN. All servers, computers and any other devices have a 255.255.248.0 mask, so for them this is all one network segment starting with 192.168.0.1 and ending with 192.168.7.254.
We run some IPSec tunnels between our site and some customers. Some of the different customers only allow connections from the source 192.168.1.0/24, or even only from certain private IPs. Till now I made sure that the client computers in charge have an IP from the specific allowed customer range as long as they work on that project. But this is quite a lot of maintenance and less flexible. Our employees are starting to have more and more need to switch between customers during the day.
Now I'd like to handle this centrally, so that I set up a routing server with NAT which gets some rules like:
customer1 network --> route through 192.168.1.1 (NAT)
customer2 network --> route through 192.168.2.1 (NAT)
customer3 network --> route through 192.168.3.1 (NAT)
This would make sure that, if I centrally deploy static routes for the certain customer segments to my DHCP clients, they use that router for those segments and otherwise use the default gateway rather than this router. The router would route correctly and would also NAT the source IP, so my customers would allow the access because it comes from a valid source IP.
I played around a little bit with RRAS Routing and NAT, but with no success. One of the challenges here is that I have to have different NICs, but all of them belong physically and logically to my private network segment. This isn't a common scenario; everything I find regarding NAT deals with the Internet etc. I know that, but my requirement is different. At the end of the day, once the client source IP is hidden by NAT, it will be routed through my firewall and the IPSec tunnel to the customer network anyway.
Can I use RRAS for my scenario, or does anyone have a better approach?
Kind regards, Dieter