Firewall Wizards mailing list archives

Pix to pix VPN with Static.. Seems possible.. Is it?


From: "Paul Matuszewski" <paul () inofficenetworks com>
Date: Fri, 2 Jul 2004 01:04:41 -0400

Have a question.. just want to see if it's possible, and perhaps a quick
reference to config.

I have three networks:
A 10.20.30.0 /24
B 192.168.0.0/24
C 192.168.0.0/24

*note the addressing is the same on network B and C

Network A, B, and C are all set up to do dynamic PAT through the one IP
they've been given (typical home user setup, if you will.)

The problem is, I want to communicate with devices on network B and C
from network A. Networks B and C do not need to communicate with
each other.

Normally, I would just set up an IPSec tunnel between network A and B,
and another tunnel between A and C, and distinguish IPSec tunnel traffic
via an access list. This would work fine if network C was some other
subnet, but that is not the case.

What I'm wondering is:
Can I add a static entry for network C for some arbitrary address, and
then do my IPSec tunnel accordingly?

IE
on Pix for network C, I want to communicate with Device 192.168.0.10
from network A.. add this static entry:
static (inside,outside) 10.13.13.10 192.168.0.10 netmask 255.255.255.255

where 10.13.13.10 is the arbitrary address, belonging to 10.13.13.0/24,
and then on pix A, I would just encrypt everything destined for the
10.13.13.10 network?

That should theoretically work, but I'm wondering if anyone has ever
tried it...

Thoughts?

---------------------------

Paul Matuszewski
Systems Administration and Development
In Office Networks
http://www.inofficenetworks.com
V: (516) 620-2559
F: (516) 620-0062
C: (516) 816-4871
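
The address plan from the message above, modelled as an added example (not part of the original post, and not PIX code): it shows why PIX A cannot tell tunnels B and C apart while both use 192.168.0.0/24, and how presenting C as 10.13.13.0/24 removes the ambiguity. The tunnel names, function names and the first-match lookup are assumptions made for illustration.

```python
import ipaddress as ipa

# Addresses from the post; tunnel and function names are hypothetical.
SITE_A = ipa.ip_network("10.20.30.0/24")
SITE_B = ipa.ip_network("192.168.0.0/24")
SITE_C = ipa.ip_network("192.168.0.0/24")   # same range as B
ALIAS_C = ipa.ip_network("10.13.13.0/24")   # arbitrary range presented for C

def overlaps(selectors):
    """Pairs of tunnels whose remote selectors overlap (ambiguous on PIX A)."""
    names = list(selectors)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if selectors[a].overlaps(selectors[b])]

def pick_tunnel(selectors, dst):
    """Simplified model: the first selector containing dst wins, in entry order."""
    addr = ipa.ip_address(dst)
    return next((n for n, net in selectors.items() if addr in net), None)

def to_alias(real, real_net=SITE_C, alias_net=ALIAS_C):
    """1:1 translation that keeps the host part of the address."""
    addr = ipa.ip_address(real)
    if addr not in real_net:
        raise ValueError(f"{real} is not in {real_net}")
    return str(alias_net[int(addr) - int(real_net.network_address)])

def static_line(real):
    """The static entry PIX C needs for one host, in the post's syntax."""
    return (f"static (inside,outside) {to_alias(real)} {real} "
            "netmask 255.255.255.255")

def alias_is_safe(alias_net, sites):
    """The alias range must not collide with any real site range."""
    return not any(alias_net.overlaps(s) for s in sites)

# Remote selectors as PIX A would see them, before and after the alias.
NAIVE = {"A-to-B": SITE_B, "A-to-C": SITE_C}
WITH_ALIAS = {"A-to-B": SITE_B, "A-to-C": ALIAS_C}

if __name__ == "__main__":
    print(overlaps(NAIVE), pick_tunnel(NAIVE, "192.168.0.10"))
    print(overlaps(WITH_ALIAS),
          pick_tunnel(WITH_ALIAS, to_alias("192.168.0.10")))
    print(static_line("192.168.0.10"))
```

On the PIX a plain static translates all of that host's traffic from inside to outside, not only the traffic bound for the tunnel, so the host's ordinary outbound access should be checked after the entry is added.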
