Hi all,
I need to reach a remote server that dials in via OpenVPN client from my internal LANs. As SSLVPN does not provide static IPs for clients, I helped with using a local IP and DNAT to forward traffic like
SRC:LAN - Svc:SSH - DST:MyLocalNATHelperIP // DNAT to DST:MyServer(UserNetwork)
that works fine, as long as I have MyLocalNAThelper defined as an additional IP Address. But if the remote host is down, the local IP will answer all traffic anyway. I think a more elegant solution would be ARP Proxy for the DNAT, so the ASG will answer the traffic for the Helper IP, but not answer the SSH traffic with its management Shell. Is there a way for this "selective Proxy ARP"? All I found is Proxy Arp on local IF, but I dont want to answer ARP for ALL attached networks, but only the Helper IP
Hope I could express what I need....
Thanks in advance!
I need to reach a remote server that dials in via OpenVPN client from my internal LANs. As SSLVPN does not provide static IPs for clients, I helped with using a local IP and DNAT to forward traffic like
SRC:LAN - Svc:SSH - DST:MyLocalNATHelperIP // DNAT to DST:MyServer(UserNetwork)
that works fine, as long as I have MyLocalNAThelper defined as an additional IP Address. But if the remote host is down, the local IP will answer all traffic anyway. I think a more elegant solution would be ARP Proxy for the DNAT, so the ASG will answer the traffic for the Helper IP, but not answer the SSH traffic with its management Shell. Is there a way for this "selective Proxy ARP"? All I found is Proxy Arp on local IF, but I dont want to answer ARP for ALL attached networks, but only the Helper IP
Hope I could express what I need....
Thanks in advance!