Cisco VPN/Split Tunneling-Routing one external IP through firewall


ThisNThat

Programmer
Oct 10, 2008
3
US
First I'm a developer/analyst/etc... I'm not a networking guru so my terminology is probably way off. With a small company sometimes you have to stretch though so I'm becoming more familiar with the infrastructure side.

Here is the issue... We have a small internal network and VPN established and working with split tunneling. We also have an external Linux box that is IP permitted.

Today, if someone is working from home and their IP address changes we have to add the new IP address to the Linux host. It has been requested that I set up the VPN to redirect the requests to that IP back out through the router so the request is coming from our standard office IP.

I tried adding a new ACE to the split tunneling ACL pointing to the IP addresses of our linux box, but then the requests never made it back out to the general network.

Is this possible?

Appreciate any help.
 
Dynamic DSL? You can register a domain name with dyndns.org. That way, you can put the dns name in rather than the IP address.

Burt
 
We have a DNS entry for the site, and use it. But that doesn't change the IP address that I'm coming from to be the one at the office.

Essentially, I want the external Linux Server to receive the same IP that the user is connecting from as if they are sitting in the office when they are on VPN.

Thanks again.
 
If you are using a Cisco ASA the solution is called Hairpinning. Essentially you want the client to go out the host site's internet connection and appear to have the same public IP address.
 
Thank you Brian,

We are running a Cisco PIX 515E with 7.2(3) Software.

Based on your note I confirmed from the show config that we have the command "same-security-traffic permit intra-interface" active.

Besides the ACE and same-security-traffic do I also need to add a NAT for that specific address?

Any help greatly appreciated,
ThisNThat
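
The following is an added example, not posted by anyone in this thread: a sketch of the three pieces the last posts ask about (split-tunnel ACE, `same-security-traffic`, and NAT for the VPN pool) in PIX/ASA 7.x syntax. The ACL name, group-policy name, inside network, VPN pool 10.10.10.0/24 and Linux host 203.0.113.10 are assumed placeholders.

```cisco
! Constructed example; every name and address below is a placeholder.
! Assumed VPN client pool : 10.10.10.0/24
! Assumed external host   : 203.0.113.10 (the IP-restricted Linux box)

! 1. Split-tunnel list: keep the office LAN and add the external host,
!    so clients send traffic for it into the tunnel instead of
!    straight out their home connection.
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit host 203.0.113.10

! Existing remote-access group policy (name assumed) using that list.
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! 2. Allow traffic to enter and leave on the same interface.
!    Tunnelled packets for the external host arrive on "outside"
!    and must be routed back out "outside".
same-security-traffic permit intra-interface

! 3. Translate the VPN pool on the outside interface. Without this,
!    decrypted packets leave with a private 10.10.10.x source and the
!    replies never come back.
nat (outside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface

! Check: with a client connected and browsing to the external host,
! a PAT entry from a 10.10.10.x address to the outside interface
! address should appear here.
show xlate
```

With the pool translated to the outside interface address, the Linux host sees VPN users arriving from the office IP, so its allow list only needs that one entry.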
 