[fw-wiz] bypassing PIX limitation
- From: Paolo Supino <paolo@xxxxxxxxxxxxx>
- Date: Wed, 08 Nov 2006 19:22:56 -0500
I have a network that is protected by a PIX 515e running 6.3(1). I was
asked to set up an IPSEC VPN with a partner. The partner's security policy
mandates that a remote encryption domain must use IP addresses on a
subnet carved out of their overall IP network range. The network behind
my PIX uses IP addresses on a subnet that is outside of their IP
network. Adding a second IP to my network isn't supported by the PIX OS.
To bypass this limitation I thought of NATing packets going into the VPN
tunnel. I've been looking for documentation for such a scenario, but
can't find anything. Can packets going into a VPN tunnel be NATed?
firewall-wizards mailing list