RE: [fw-wiz] NAT inside a VPN between PIX and Cisco device

From: Fernando Allendes (fallendes_at_atichile.com)
Date: 01/27/04

  • Next message: Jeremiah Cornelius: "Re: [fw-wiz] Help On "Stealth" Fire Walls"
    To: "'Dean Davis'" <Dean.Davis@mbg-inc.com>, "'Bill James'" <bubbagates@comcast.net>, <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 27 Jan 2004 16:33:57 -0300
    
    

    Bill:
            Thanks for your help, but our WAN interface is a FastEthernet interface.
            Finally, we decided to create a DMZ network with a different network segment.
    Now we're using a VPN without NAT and only one external IP on the PIX.

    Regards ...
    Fernando Allendes.

    -----Original Message-----
    From: Dean Davis [mailto:Dean.Davis@mbg-inc.com]
    Sent: Tuesday, January 27, 2004 15:16
    To: 'Bill James'; 'Allendes Fernando';
    firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] NAT inside a VPN between PIX and Cisco device

    Fernando:

    I have a similar situation. Have you considered moving your routeable IPs to
    the FastEthernet interface of the Cisco router by using "ip unnumbered"?

    This feature works if your WAN interface is not a FastEthernet interface.
    i.e. Serial WAN interface.

    With this configuration, you can still filter ingress/egress traffic on the
    WAN interface of the Cisco router, while providing your Cisco PIX with an
    external, routeable address. No need for NAT.

    I haven't seen an IOS option that allows un-numbering of a FastEthernet to
    an internal FastEthernet interface.

    Thanks,

    Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
    Sr. Network Engineer
    MBG, Inc.
    370 Lexington Avenue
    New York, NY 10017
    P. 212.822.4429
    F. 212.822.4499
    http://www.mbg-inc.com

    -----Original Message-----
    From: Bill James [mailto:bubbagates@comcast.net]
    Sent: Sunday, January 18, 2004 9:58 PM
    To: 'Allendes Fernando'; firewall-wizards@honor.icsalabs.com
    Subject: RE: [fw-wiz] NAT inside a VPN between PIX and Cisco device

    Fernando

    Try this link for a start

    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Allendes
    Fernando
    Sent: Monday, January 12, 2004 5:29 PM
    To: 'firewall-wizards@honor.icsalabs.com'
    Subject: [fw-wiz] NAT inside a VPN between PIX and Cisco device

    Hello:
            We are trying to make a VPN between PIX and Cisco device, but using
    NAT with the PIX external IP. The picture is like:
      Internal IP ----> PIX (NAT) ----> Internet ----> Cisco Router --->
    "Routeable IP"
            Because the Cisco Router has internal and routeable networks,
    we must make a VPN from the PIX using NAT inside the VPN.
            At least, we set up such a VPN, but using two external IPs in the PIX.
            Do you know how we can do it using only one external IP in the PIX?

    Regards,
    Fernando Allendes.

    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


