I'm looking into recommending a design for a clearing bank whose customers are other banks and where private IP addresses cannot be shared between the entities.
The customers are using the View Client and connect to the clearing bank, where the View infrastructure is located, through a double NAT tunnel. Neither party knows the private IP addresses of the other. The clearing bank does not want to use security servers.
The connection from the View Client should go through the secure gateways of the Connection server.
Can this configuration work? Has anyone done this?
Also the clearing bank wants to detect the 'originating IP address' (NATTED) for each user in order to validate the connection request.
Any input is appreciated.