RE: [fw-wiz] Pix vpns nat

• Previous message: abe.usher_at_sharp-ideas.net: "[fw-wiz] Information Security Zeitgeist 2003 (patterns and trends in INFOSEC)"
• Maybe in reply to: Javier Sanchez: "[fw-wiz] Pix vpns nat"
• Next in thread: Javier Sanchez: "RE: [fw-wiz] Pix vpns nat"
• Reply: Javier Sanchez: "RE: [fw-wiz] Pix vpns nat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Javier Sanchez" <jsanchez@myalert.com>, <firewall-wizards@honor.icsalabs.com>
Date: Wed, 21 Jan 2004 22:02:06 -0500

Here's what I do:

create a separate access-list for each set of vpn interesting traffic
used in the crypto map.

create a "nonat" access-list that includes all the lines from all of the
above access lists and use it for your "nat (inside) 0 access-list
nonat" command.

HTH.

Josh

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Javier
Sanchez
Sent: Wednesday, January 21, 2004 5:44 AM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Pix vpns nat

Hi all again,

i have allready figure out how to create several vpns, but now im facing
another problem. I need obviously different access lists for each vpn,
but if i try to create a new "nat (inside) o access-list X" the actual
entry on the config got replaced with the new one. Do you know how to
create several ?? Should i include the new access-list into the existig
one ??

Tia
Cheers

Javier Sanchez
Jsanchez@myalert.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: abe.usher_at_sharp-ideas.net: "[fw-wiz] Information Security Zeitgeist 2003 (patterns and trends in INFOSEC)"
• Maybe in reply to: Javier Sanchez: "[fw-wiz] Pix vpns nat"
• Next in thread: Javier Sanchez: "RE: [fw-wiz] Pix vpns nat"
• Reply: Javier Sanchez: "RE: [fw-wiz] Pix vpns nat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: NATting both ways ... on my "VPN" network off a PIX 525. ... We are using ip nat inside and ip nat outside on our inside and ... creates a VPN to another router on a remote network. ... crypto map CLIENTMAP client authentication list default ... (comp.dcom.sys.cisco) Re: VPN From W2K/Pro to W2K Server Doesn;t Work Through Firewall ... My belief is that your NAT ... My understanding is that IPSec AH protocol does not work with NAT devices ... IPSec operates in either one of two modes - transport mode or tunnel mode. ... provide a VPN remote access solution. ... (microsoft.public.win2000.security) Re: VPN From W2K/Pro to W2K Server Doesn;t Work Through Firewall ... I did know you have Linux for NAT and my original suggestions still stand. ... Windows 2000 server through a Linux router with NAT. ... solution has IPsec passthrough, NAT breaks IPsec AH. ... regardless of what vendor you're using for NAT and VPN. ... (microsoft.public.win2000.security) Re: Remote sync with Outlook via WiFi or other alternatives ... more about using VPN & PPTP. ... or are we still running into the same problem with NAT? ... No it's not difficutl to configure Wi-Fi or Cellular on a Pocket PC. ... > ability to sync with the Pocket PC) so you can keep everyone up to date. ... (microsoft.public.pocketpc.activesync) Re: VPN From W2K/Pro to W2K Server Doesn;t Work Through Firewall ... external VPN servers? ... > I did know you have Linux for NAT and my original suggestions still stand. ... > solution has IPsec passthrough, ... (microsoft.public.win2000.security)