I have a client with 1 server and 30 workstations. We want to add a IP KVM for the server a model aten KN 1000. The KN 1000 is setup and working local and has a LAN IP setup already.
Clients LAN is 10.10.1.0-255 Subnet 255.255.255.0
The LAN side of the firewall is 10.10.1.254
The WAN side of the firewall is 10.1.10.10
The client is using comcast buisness class internet with a SMC modem. The modem has it's public ip and it has 4 ports with DHCP and it's givign the firewall the 10.1.10.10 address.
They also have another pc that is on this 10.1.10.xxx network (LAN of the Modem) and it is used to admin the modem and report it's status.
Comcast has the option of passing the public ip through to the LAN side ports of the modem and direct into the firewall so the firewall would have the public ip as it's WAN address and not the 10.1.10.10 address.
First question is I assume this is a double NAT setup? Any issues with this? Been running a couple months and no issues they have seen. They like the management capabilty to manage the modem and using the pass through option you lose that and all troubleshooting has to be done on the phone with comcast.
They have a spare modem on site that can be replaced and will auto configure with the current setup but the the passthrough option comcast has to be involved.
The firewall is Cisco WRVS4400N and I am tryinmg to figure out how I can control the IP KVM from the internet. I need to be able to VPN into the network to use the IP KVM but the public address goes to the modem and not the firewall.
How can I setup the VPN to work with this double NAT config so that when I connect via VPN I will be on the 10.10.1.xxx network?
Also how secure is the VPN on the Cisco WRVS4400N? It does not look very robust and does not have any 2 factor authenticaton that I can see?