Firewall Wizards mailing list archives

RE: NAT inside a VPN between PIX and Cisco device


From: "Fernando Allendes" <fallendes () atichile com>
Date: Tue, 27 Jan 2004 16:33:57 -0300

Bill:
        Thanks for your help, but our WAN interface is a FastEthernet interface.
        Finally, we decided to create a DMZ network with a different network segment.
Now we're using a VPN without NAT and only one external IP on the PIX.

Regards,
Fernando Allendes.



-----Original Message-----
From: Dean Davis [mailto:Dean.Davis () mbg-inc com]
Sent: Tuesday, January 27, 2004 15:16
To: 'Bill James'; 'Allendes Fernando';
firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] NAT inside a VPN between PIX and Cisco device


Fernando:

I have a similar situation. Have you considered moving your routeable IPs to
the FastEthernet interface of the Cisco router by using "ip unnumbered"?

This feature works if your WAN interface is not a FastEthernet interface,
i.e. a Serial WAN interface.

With this configuration, you can still filter ingress/egress traffic on the
WAN interface of the Cisco router, while providing your Cisco PIX with an
external, routeable address. No need for NAT.

I haven't seen an IOS option that allows un-numbering of a FastEthernet to
an internal FastEthernet interface.

Thanks,

Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
Sr. Network Engineer
MBG, Inc.
370 Lexington Avenue
New York, NY 10017
P. 212.822.4429
F. 212.822.4499
http://www.mbg-inc.com



-----Original Message-----
From: Bill James [mailto:bubbagates () comcast net]
Sent: Sunday, January 18, 2004 9:58 PM
To: 'Allendes Fernando'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] NAT inside a VPN between PIX and Cisco device


Fernando

Try this link for a start

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml



-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Allendes
Fernando
Sent: Monday, January 12, 2004 5:29 PM
To: 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] NAT inside a VPN between PIX and Cisco device

Hello:
        We are trying to make a VPN between a PIX and a Cisco device, but using
NAT with the PIX external IP. The picture is like:
  Internal IP ----> PIX (NAT) ----> Internet ----> Cisco Router ---> "Routeable IP"
        Because the Cisco Router has internal and routeable networks, we
must make a VPN from the PIX using NAT inside the VPN.
        At least, we set up such a VPN but using two external IPs on the PIX.
        Do you know how we can do it using only one external IP on the PIX?

Regards,
Fernando Allendes.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
