Firewall Wizards mailing list archives

RE: Pix to Pix VPN IPSec w/ PAT


From: "Justin C. Laporte" <jlaporte () apextechgroup com>
Date: Mon, 24 Mar 2003 11:46:01 -0500

You only need to create an ACL to allow the two local networks on each side of your PIXes and apply them to a NAT 0 to 
bypass NAT for your IPSec tunnel, and a global NAT statement for all your PAT, which can even be overloaded on the 
external interface. And in V 6.2(3) you can even DHCP the external interface of the PIX with all this. So business 
grade cable is not even needed, nor will you need two addresses; assuming you can get a static address from your cable 
provider, or at least a cable provider that caches your MAC address so that it is embedded in their DHCP scope and you 
almost always get the same address, you will be fine. The rest of the CRYPTO and ISAKMP configuration for the two devices 
is the easiest part.

_____________________________
Justin Laporte CCNA,CCDA, MCP 
Network Architect 
The Apex Technology Group, Inc. 
20 Westminster Street 5th Floor 
Providence, RI 02903 
Office  401-277-3000 
Fax     401-277-1011 
Mobile  401-465-3617 
http://www.apextechgroup.com
mailto:jlaporte () apextechgroup com


 -----Original Message-----
From:   David Zbonski [mailto:dzbonski () hotmail com] 
Sent:   Monday, March 24, 2003 11:03 AM
To:     firewall-wizards () honor icsalabs com
Subject:        Re: [fw-wiz] Pix to Pix VPN IPSec w/ PAT

I know you can reserve static addresses to use, so that you can do PAT for 
other clients and still do IPSEC with a different address.  You will need 2 
(or more) IP addresses from your cable modem provider - which you should be 
able to get with a business class connection.
You probably can PAT the IPSEC traffic - I know for sure that you can do it 
on a regular router with one public IP address by creating a loopback - I 
just don't know the exact commands to do it on a PIX.  Do you have one or 
more IP addresses to work with?


David Zbonski
Zbonski Consulting
http://www.zbonski.com


Hey all.. newbie to the list here.. but I have a question for you all.

I've looked everywhere, and my cisco rep has yet to get back to me..

Is it possible to perform a CISCO pix501 to pix501 VPN w/ IPSec while still
utilizing PAT.  The scenario is = Business Cable Modem to Business Cable
Modem... thoughts?

Thanks a bunch,
Paul Matuszewski
Systems Administrator
In Office Networks
(305) 799-4871

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
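
The approach in the 24 Mar 2003 reply (NAT 0 for the tunnel, PAT on the outside interface for everything else), written out as an added PIX 6.2-style example; it is not a configuration posted by anyone in the thread. The addressing (192.168.1.0/24 local, 192.168.2.0/24 remote, peer 203.0.113.2), the ACL, transform-set and crypto map names, and the key placeholder are all assumptions.

```cisco
: Site A. All addresses and names below are constructed for illustration.
: Outside address comes from the provider's DHCP; it must stay stable,
: because the other PIX points its "set peer" and "isakmp key" at it.
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0

: Traffic between the two local networks: exempt from NAT (nonat)
: and selected for encryption (vpn-siteb). Kept as two ACLs so a later
: change to one does not silently alter the other.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn-siteb permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

: Everything else leaving the inside network is PATed to the
: outside interface address (the single public IP).
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

: Allow decrypted tunnel traffic without a separate inbound ACL entry.
sysopt connection permit-ipsec

: Phase 2: what protects the data and which peer it goes to.
crypto ipsec transform-set siteb-set esp-3des esp-sha-hmac
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address vpn-siteb
crypto map vpnmap 10 set peer 203.0.113.2
crypto map vpnmap 10 set transform-set siteb-set
crypto map vpnmap interface outside

: Phase 1: ISAKMP with a pre-shared key scoped to the one peer address.
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 203.0.113.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Site B mirrors this with the two networks swapped in both ACLs and the peer and key address set to Site A's outside address. The 3DES lines assume the 3DES activation key is installed on both units.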
