Firewall Wizards mailing list archives

bypassing PIX limitation


From: Paolo Supino <paolo () actcom net il>
Date: Wed, 08 Nov 2006 19:22:56 -0500

Hi

  I have a network that is protected by a PIX 515e running 6.3(1). I was 
asked to set up an IPSEC VPN with a partner. The partner's security policy 
mandates that a remote encryption domain must use IP addresses on a 
subnet carved out of their overall IP network range. The network behind 
my PIX uses IP addresses on a subnet that is outside of their IP 
network. Adding a second IP to my network isn't supported by the PIX OS. 
To bypass this limitation I thought of NATing packets going into the VPN 
tunnel. I've been looking for documentation for such a scenario, but 
can't find anything. Can packets going into a VPN tunnel be NATed?

TIA
Paolo
