RE: [fw-wiz] Pix vpns nat

From: Javier Sanchez (jsanchez_at_myalert.com)
Date: 01/22/04

    To: Joshua Vince <Josh.Vince@bcgsys.com>
    Date: Thu, 22 Jan 2004 11:20:13 +0100
    
    
    

    Thanks,

    I was a little confused with the nat 0 access-list, but then I realized
    that I should use the vpn match option to select traffic interesting for
    it. Everything is working now, thanks all .-))

    Cheers

    On Thu, 2004-01-22 at 04:02, Joshua Vince wrote:
    > Here's what I do:
    >
    > create a separate access-list for each set of vpn interesting traffic
    > used in the crypto map.
    >
    > create a "nonat" access-list that includes all the lines from all of the
    > above access lists and use it for your "nat (inside) 0 access-list
    > nonat" command.
    >
    > HTH.
    >
    > Josh
    >
    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Javier
    > Sanchez
    > Sent: Wednesday, January 21, 2004 5:44 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Pix vpns nat
    >
    >
    >
    > Hi all again,
    >
    > I have already figured out how to create several vpns, but now I'm facing
    > another problem. I need obviously different access lists for each vpn,
    > but if I try to create a new "nat (inside) 0 access-list X" the actual
    > entry on the config got replaced with the new one. Do you know how to
    > create several ?? Should I include the new access-list into the existing
    > one ??
    >
    >
    > Tia
    > Cheers
    >
    > Javier Sanchez
    > Jsanchez@myalert.com
    >
    >
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    -- 
    ------------------------------
    Javier Sanchez
    System Administrator
    MyAlert.com
    a Buongiorno Vitaminic Company
    jsanchez@myalert.com
    Telf: +34 91 141 51 00
    FAX. +34 91 667 39 51
    -------------------------------
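
Added example, not part of the original thread: a small Python audit of the scheme Josh describes, flagging crypto-map access-list lines that are missing from the access-list currently bound to "nat (inside) 0". The sample config, its ACL names and addresses are constructed; the check assumes simple PIX 6.x-style lines and exact line matching, and that a later "nat (inside) 0 access-list" command replaces an earlier one, as reported in the thread.

```python
import re
from collections import defaultdict

# Constructed sample config (names and addresses are illustrative, not from the thread).
SAMPLE_CONFIG = """\
access-list vpn_a permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn_b permit ip 192.168.1.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list nonat permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (inside) 0 access-list vpn_a
nat (inside) 0 access-list nonat
crypto map vpns 10 match address vpn_a
crypto map vpns 20 match address vpn_b
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)$")
MATCH_RE = re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+match\s+address\s+(\S+)$")


def audit_nonat(config: str, interface: str = "inside"):
    """Return (active_nonat_acl, {crypto_acl: [entries missing from nonat]})."""
    acls = defaultdict(list)   # ACL name -> normalized entries
    crypto_acls = []           # ACLs referenced by crypto map entries
    nonat = None               # nat 0 ACL in effect for the interface
    for raw in config.splitlines():
        line = " ".join(raw.split())   # collapse runs of whitespace
        if m := ACL_RE.match(line):
            acls[m.group(1)].append(f"{m.group(2)} {m.group(3)}")
        elif m := NAT0_RE.match(line):
            if m.group(1) == interface:
                nonat = m.group(2)     # a later command replaces the earlier one
        elif m := MATCH_RE.match(line):
            if m.group(1) not in crypto_acls:
                crypto_acls.append(m.group(1))
    exempt = set(acls.get(nonat, [])) if nonat else set()
    missing = {}
    for name in crypto_acls:
        gaps = [e for e in acls.get(name, [])
                if e.startswith("permit ") and e not in exempt]
        if gaps:
            missing[name] = gaps
    return nonat, missing


if __name__ == "__main__":
    acl, missing = audit_nonat(SAMPLE_CONFIG)
    print(f"nat 0 ACL in effect: {acl}")
    for name, entries in missing.items():
        for entry in entries:
            print(f"{name}: not exempt from NAT -> {entry}")
```

On the sample, the vpn_b line is reported because it was never copied into nonat; subnet containment is not evaluated, only identical lines.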
    
    



