Assistance with VPN and SMTP NAT configuration

[lar...@nospam.com]

We have been running a BM VPN and firewall configuration for awhile
with no issue. I have Dynamic NAT configured on my private interface
and had it disabled on the public one. This server is primarily used
for VPN access. Now I want to set up a Gwia to send email itself (no
mail proxy) but receive via the proxy. I have no problem getting it
to use teh proxy both ways. I can get this working if I enable
dynamic nat on the public interface and disable it on my private, but
that breaks my internal VPN connectivity. I'm obviously missing
something. nat dynamic mode pass thru is set to on.

Any suggestions?

[Craig Johnson]

In article <JuJAb.780$og5...@prv-forum2.provo.novell.com>, wrote:
> I'm obviously missing
> something.
>

No, you are not. Dynamic NAT on the private IP address of the server
is only used on a dedicated Client-Site VPN server, because it breaks
pretty much everything else. You only do this NAT trick to fix a
routing issue, and it is only needed if the BMgr server is not the
default gateway for the rest of the network.

You need to set up a second server, or get BMgr 3.8, which doesn't have
the same routing limitations as earlier version with Client-Site VPN.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

[lar...@nospam.net]

a second BMgr server you mean? I guess my other choice would be to
run the GWIA on the BM server?

Thanks for your help.

[Craig Johnson]

In article <upm9tvcf12ruek4jm...@4ax.com>, wrote:
> a second BMgr server you mean?

Yes.

> I guess my other choice would be to
> run the GWIA on the BM server?

That would also work.