|
| Sorry guys,
maybe the question has been already posted but I would like to clearly distinguish whether the following scenario could
accept both the solutions or I need without no doubts the LAN-to-LAN.
Imagine you have 2 LANs or 2 groups of LANs (say A that offers services and the other one (B) that access A resources)
located behind 2 devices doing NAT: it is quite simple, that's the most common scenario.
Would be possible to use software clients installed on workstations belonging to network B accessing the same endpoint
(the public endpoint of A LAN) using IPsec?
I don't think so because IPsec uses UDP 500 port as the source port and traffic coming from the same public IP will have
packets authenticated in different manners. So the A endpoint will think that some one is trying to substitute to the
first endpoint that initiated the tunnel.
Please, tell me whether my idea is wrong or not. We have been giving services to our customers and we have been facing
their lack of understanding on the reason we want to install routers at their site (if they don't have any devices that
permit to build a VPN or they haven't the knowledge to do that) when they have more than one workstation that needs to
access our resources.
I apologize for my English but if you have some documents that explains what I wrote about reporting why someone needs
to have a LAN to LAN scenario instead of a lot of software clients I shall really appreciate it.
Many thanks
Alex.
|
|