Firewall Wizards mailing list archives
RE: Pix to Pix VPN IPSec w/ PAT
From: "Justin C. Laporte" <jlaporte () apextechgroup com>
Date: Mon, 24 Mar 2003 11:46:01 -0500
You only need to create an ACL to allow the two local networks on each side of your PIXes and apply them to a NAT 0 to bypass NAT for your IPSEC tunnel. And a Global NAT statement for all your PAT, which can even be overloaded on the external interface. And in V 6.2(3) you can even DHCP the external interface of the PIX with all this. So business grade cable is not even needed, nor will you need two addresses. Assuming you can get a static address from your cable provider, or at least a cable provider that caches your MAC address so that it is embedded in their DHCP scope and you most always get the same address, you will be fine. The rest of the CRYPTO and ISAKMP configuration for the two devices is the easiest part.

_____________________________
Justin Laporte CCNA, CCDA, MCP
Network Architect
The Apex Technology Group, Inc.
20 Westminster Street 5th Floor
Providence, RI 02903
Office 401-277-3000
Fax 401-277-1011
Mobile 401-465-3617
http://www.apextechgroup.com
mailto:jlaporte () apextechgroup com

-----Original Message-----
From: David Zbonski [mailto:dzbonski () hotmail com]
Sent: Monday, March 24, 2003 11:03 AM
To: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Pix to Pix VPN IPSec w/ PAT

I know you can reserve static addresses to use, so that you can do PAT for other clients and still do IPSEC with a different address. You will need 2 (or more) IP addresses from your cable modem provider - which you should be able to get with a business class connection.
You probably can PAT the IPSEC traffic - I know for sure that you can do it on a regular router with one public IP address by creating a loopback - I just don't know the exact commands to do it on a PIX. Do you have one or more IP addresses to work with?

David Zbonski
Zbonski Consulting
http://www.zbonski.com
Hey all.. newbie to the list here.. but I have a question for you all. I've looked everywhere, and my Cisco rep has yet to get back to me.. Is it possible to perform a CISCO pix501 to pix501 VPN w/ IPSec while still utilizing PAT? The scenario is = Business Cable Modem to Business Cable Modem... thoughts?

Thanks a bunch,
Paul Matuszewski
Systems Administrator
In Office Networks
(305) 799-4871
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Pix to Pix VPN IPSec w/ PAT Paul Matuszewski (Mar 24)
- Re: Pix to Pix VPN IPSec w/ PAT John Adams (Mar 24)
- Re: Pix to Pix VPN IPSec w/ PAT Dave Rinker (Mar 24)
- <Possible follow-ups>
- Re: Pix to Pix VPN IPSec w/ PAT David Zbonski (Mar 24)
- RE: Pix to Pix VPN IPSec w/ PAT Brian A Kee (Mar 24)
- RE: Pix to Pix VPN IPSec w/ PAT Justin C. Laporte (Mar 24)
- Re: Pix to Pix VPN IPSec w/ PAT Mike Hoskins (Mar 24)