Re: [fw-wiz] full IPSEC tunnels on PIX and NAT ...

From: peter bartoli (peter_at_alphafight.net)
Date: 12/04/03

  • Next message: Wes Noonan: "RE: [fw-wiz] How AAA in PIX Firewall ?"
    To: "Miha Vitorovic" <mvitorovic@nil.si>
    Date: Wed, 3 Dec 2003 16:23:02 -0800
    
    

    On Dec 2, 2003, at 11:38 PM, Miha Vitorovic wrote:
    > For one thing, the PIX can not route out through the same interface,
    > the
    > packet comes into the device.

    Thanks, I was aware of this limitation and should have known it was the
    cause.

    Is it possible to get around this by having a static mapping on the
    outside to another interface of the PIX that I don't need VPNs to
    communicate with, and terminate VPNs on it?

    -peter

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Wes Noonan: "RE: [fw-wiz] How AAA in PIX Firewall ?"

    Relevant Pages

    • Re: Pix 501 Tunnelling problem
      ... You may also need to add the deny rule to your Crypto Access-List ... otherwise the PIX will still try to send the packets over the VPN. ... but the packet never exits the outside interface. ...
      (comp.dcom.sys.cisco)
    • Re: Pix 501 Tunnelling problem
      ... You may also need to add the deny rule to your Crypto Access-List ... otherwise the PIX will still try to send the packets over the VPN. ... but the packet never exits the outside interface. ...
      (comp.dcom.sys.cisco)
    • Re: [fw-wiz] full IPSEC tunnels on PIX and NAT ...
      ... For one thing, the PIX can not route out through the same interface, the ... packet comes into the device. ... if your VPNs terminate on the outside ...
      (Firewall-Wizards)
    • Re: ISA 2004 Routing
      ... goes from the interface where you receive the packet to the interface on ... your network where you want the packet to go. ... > connected to my PIX. ... > I have one NIC setup in the 192.168.1.0 subnet and another NIC setup on ...
      (microsoft.public.isaserver)
    • Re: PIX7.x/ASA and icmp redirects
      ... I'm not certain, but for the PIX at least, I would find it quite ... go with support for ICMP Redirect require that the packet be ... packet through provided that at least one component of the path ... that went back out on the interface. ...
      (comp.dcom.sys.cisco)