Firewall Wizards mailing list archives

Re: PIX in multiple IPsec roles


From: Craig Van Tassle <craig () codestorm org>
Date: Thu, 20 Aug 2009 23:50:32 -0500

On Wed, 19 Aug 2009 13:52:53 -0400
Dan Ritter <dsr () tao merseine nu> wrote:


Is there a plausible way to convince a PIX to pass through an
IPsec tunnel to another device while simultaneously being an
endpoint for a different tunnel?

I have sites A, B, and C. Each has a PIX515E with tunnels to the
other two sites.

Now a vendor wants to establish a tunnel to a device inside
PIX A. I seem to be lacking the right keywords to search for
this.

-dsr-



It sounds like your vendor wants a static NAT to their device on
the inside. Can you be a bit more verbose about the network setup? The
PIX should see this traffic as normal traffic. I usually use a unique
public IP for the NAT.

-- 
"An armed society is a polite society. Manners are good when one may
have to back up his acts with his life." Robert A. Heinlein

"Fear is the father of servitude, and the captor of man. There cannot
be slavery without fear, nor freedom with it."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
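
The static NAT suggested in the reply, sketched as PIX configuration. This is an added example, not part of the original thread; the addresses (RFC 5737 documentation ranges), the ACL name outside_in and the interface names inside/outside are assumptions.

```cisco
! Added example; all addresses and names below are placeholders.
!   198.51.100.20  unique public IP reserved for the vendor tunnel,
!                  distinct from the address the PIX terminates its
!                  own site-to-site tunnels on
!   10.1.1.20      vendor's device on the inside of PIX A
!   203.0.113.5    vendor's remote IPsec peer

! One-to-one static translation for the inside device
static (inside,outside) 198.51.100.20 10.1.1.20 netmask 255.255.255.255

! Permit only the vendor peer, and only the IPsec protocols:
! IKE (UDP 500), NAT traversal (UDP 4500) and ESP
access-list outside_in permit udp host 203.0.113.5 host 198.51.100.20 eq isakmp
access-list outside_in permit udp host 203.0.113.5 host 198.51.100.20 eq 4500
access-list outside_in permit esp host 203.0.113.5 host 198.51.100.20

! Bind the ACL to the outside interface. If an ACL is already applied
! there, add the three entries to that ACL instead of binding a new one.
access-group outside_in in interface outside
```

Because the translated address is not one the PIX itself answers IKE on, the firewall forwards this traffic like any other permitted flow while still terminating its own tunnels.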

