[fw-wiz] bypassing PIX limitation


I have a network that is protected by a PIX 515e running 6.3(1). I was
asked to setup a IPSEC VPN with a partner. The partner's security policy
mandates that a remote encryption domain must use IP addresses on a
subnet carved out of their overall IP network range. The network behind
my PIX uses IP addresses on a subnet that is outside of their IP
network. Adding a second IP to my network isn't supported by the PIX OS.
To bypass this limitation I thought of NATing packets going into the VPN
tunnel. I've been looking for documentation for such a scenario, but
can't find anything. Can packets going into a VPN tunnel be NATed?


firewall-wizards mailing list