dellock6 wrote:If you are going to have proxy only on source site, and you do not want to use a VPN, how are you going to connect the remote ESXi host??? Exposing ESXi via PAT onto internet??? forget it!
A single proxy for wan replication is a bad idea, just like natting instead of a VPN. Out of curiosity, why do you want to avoid VPN between the two sites? Also, you really need to deploy a second proxy on the remote site...
Ok, I give in and forget about PAT (I wasn’t fond of the idea anyway)
The reason that I wanted to avoid VPN is that I want to protect the production end, because the remote site is a shared environment – I won’t allow traffic TO my production site to be initiated FROM the remote site . In my current setup I can’t filter inside the VPN tunnel, but a new router and a whole lot of work will fix that
I’m uncertain about the traffic flow when two proxies are involved. I want to filter inside the site-to-site VPN so that only established traffic from the production end is allowed, will this work?