Translation through VPN-WAN

joshuamarius

I have an interesting situation and would like to know if the following is possible:

Site 1 Houses a VoIP Server; gives access to Site 2's Public IP and TCP 8887 Management Port Only (No access to non-SonicWall FIrewall or other parts of it's network).
Site 2 is an office with a SonicWall/static IP; access to VoIPs Server's Management interface can be accessed by:

http://site2.hostname:8887

Site 3 is managed by a SonicWall and has a Site-To-Site VPN to Site 2, with full access to Firewall and all Subnets, but no access to Site 3. So the question is, what can be done so that Site 3 can type http://site2.hostname:8887/ and also access Site 1…maybe through the VPN Tunnel, then mask itself as the public IP for Site 2, which is allowed access?

Is this possible?

Thanks.

Arkwright

You can do a NAT policy to handle this but it would be bidirectional NAT in the sense that Site 1 would see the connection originating from Site 2's IP rather than Site 3's.

The alternative to NAT is to route the traffic between sites over VPN tunnels, although I think when you say "No access to non-Sonicwall firewall" you mean you don't have admin access to it? In which case, you can't do that.

joshuamarius

Thanks so much for taking the time to answer.

1. What would this Bi-Directional Policy look like?
2. The Non-SonicWall Site (3) has limited options unfortunately. They would not do a VPN and only opened the port to the static public IP of Site 2 and would not allow for anything else.

Thanks again.

Arkwright

http://help.sonicwall.com/help/sw/eng/9520/25/9/0/content/Ch35_Network_NAT_Policies.039.05.html

Your NAT policy will need to have the "Translated Source" set to an IP on the Site 2's firewall, and "Translated Destination" would be whatever "site2.hostname" is,