Firewall Wizards mailing list archives
Re: PIX in multiple IPsec roles
From: Craig Van Tassle <craig () codestorm org>
Date: Thu, 20 Aug 2009 23:50:32 -0500
On Wed, 19 Aug 2009 13:52:53 -0400 Dan Ritter <dsr () tao merseine nu> wrote:
> Is there a plausible way to convince a PIX to pass through an IPsec tunnel to another device while simultaneously being an endpoint for a different tunnel?
>
> I have sites A, B, and C. Each has a PIX515E with tunnels to the other two sites. Now a vendor wants to establish a tunnel to a device inside PIX A.
>
> I seem to be lacking the right keywords to search for this.
>
> -dsr-

It sounds like your vendor wants a static NAT to their device on the inside. Can you be a bit more verbose about the network setup? The PIX should see this traffic as normal traffic. I usually use a unique public IP for the NAT.

--
"An armed society is a polite society. Manners are good when one may have to back up his acts with his life." Robert A. Heinlein

"Fear is the father of servitude, and the captor of man. There cannot be slavery without fear, nor freedom with it."