
Another Newbie Question: Changing static NAT

net123_
New Contributor


 

Hi everyone

 

I have a Juniper SA on a DMZ network connected to a firewall (see attachment), and VPN users currently connect to an outside network address on the firewall (e.g. 10.1.1.1) which the firewall then statically NATs to the actual address of the Juniper SA on the DMZ network (e.g. 20.1.1.1).

 

I am going to have to change the IP addressing on the outside network (e.g. to 11.1.1.0/24) and users will now have to connect to address 11.1.1.1 (instead of 10.1.1.1) which will be statically NATted to the Juniper SA address on the DMZ network (20.1.1.1).

 

(so no change in the DMZ network addressing of the Juniper SA).

 

Someone mentioned that this might cause issues for VPN users connecting to the Juniper SA (something to do with certificates?), but I think the change shouldn't affect the VPN users (except to cause them to browse to 11.1.1.1 instead of 10.1.1.1 in order to connect to the Juniper SA).

 

Am I correct, or will this change in the address to which VPN users connect cause issues (taking into account that only the config of the firewall is changing, and there will not be any changes to the config of the Juniper SA)?

 

Thanks a lot for your help in advance!

 

2 REPLIES
terosa_
Not applicable

Re: Another Newbie Question: Changing static NAT

Most likely the users are connecting to the SSLVPN with a name like https://sslvpn.company.com instead of an IP (https://10.1.1.1) at the moment. And when you change the IP address in the firewall, you will also need to ask the people running the DNS for company.com to change sslvpn.company.com to point to the new IP address (11.1.1.1). I don't know if this is the case but it would make sense. You usually order an SSL certificate from a trusted authority like Verisign and it's usually bound to a name (like sslvpn.company.com) because then changing the IP of the server (sslvpn in this case) doesn't force you to order a new certificate, since they are not free.

 

And to your question: no, the change in the firewall should not affect the users other than forcing them to use the new address, assuming that they are using the IP address to connect to the SSLVPN instead of the name.
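
An added example, not part of the thread or either poster's code: it checks which of the addresses from the question a certificate covers, using the name and IPs mentioned above. The two certificates are constructed samples in the dict shape Python's `getpeercert()` returns, the function names are hypothetical, and matching is done on subjectAltName entries only, as current browsers do.

```python
import ipaddress

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
NAME_CERT = {"subject": ((("commonName", "sslvpn.company.com"),),),
             "subjectAltName": (("DNS", "sslvpn.company.com"),)}
IP_CERT = {"subject": ((("commonName", "10.1.1.1"),),),
           "subjectAltName": (("IP Address", "10.1.1.1"),)}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, target):
    """True if `target` (the host part of the URL the user opens) is in the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP literal: compare against DNS entries only.
        return any(k == "DNS" and _dns_match(v, target) for k, v in sans)
    # IP literal: only an 'IP Address' entry can match, never a DNS name.
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)


def migration_report(cert, targets):
    """Map each address users might type to whether the certificate validates for it."""
    return {t: cert_covers(cert, t) for t in targets}


if __name__ == "__main__":
    targets = ["sslvpn.company.com", "10.1.1.1", "11.1.1.1"]
    for label, cert in (("name-bound", NAME_CERT), ("IP-bound", IP_CERT)):
        print(label, migration_report(cert, targets))
```

With the name-bound certificate the result for 10.1.1.1 and 11.1.1.1 is the same, so the NAT change alters nothing on the certificate side; only a certificate issued to the old IP itself would stop matching.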

net123_
New Contributor

Re: Another Newbie Question: Changing static NAT

thanks!