12-10-2006 09:31 PM - edited 03-11-2019 02:06 AM
Hi All,
I have posted a couple of times on this already, but still can't quite get my head around it, as I seem to be getting more confused.
All I need to do / know is this: suppose we have a VPN tunnel working perfectly on a PIX 506, NATing is also being performed well, and our "hostA" can connect to their "server A".
But now we have to make "host B" connect to "server B". It's not important that we go through the VPN tunnel to make them talk to each other; I mean, without the VPN tunnel I can ping "server b" from the PIX, and that's why I suppose it would not be wise to go through the VPN tunnel for this.
Anyways, how do I do that? Check the diagram.
12-11-2006 12:27 AM
Hi kasame,
So if I understand you right, you would like to get connectivity between Host-B and server-B without passing through the tunnel at all?
If that is true, you need to have a static NAT configured for server-B on the partner firewall to a public IP address. You also need to have some sort of translation for host-B on the PIX firewall as well (if PAT is configured, that will do fine).
Regards,
Shadi
12-11-2006 12:58 AM
Thanks Shadi,
but what if I want to pass through the tunnel? What should I do?
12-11-2006 04:11 AM
Hi,
To do that you need to add the server-B network to the VPN access-list (on both firewalls). That will make the access-list on the PIX look something like this:
permit ip 172.20.2.0 255.255.255.0 10.10.10.0 255.255.255.0 (old line)
permit ip 172.20.2.0 255.255.255.0 1.1.1.0 255.255.255.0 (added new line)
Remember that you also need to mirror this access list on the other side to get the tunnel passing both networks.
Regards,
Shadi
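The mirroring requirement in the reply above can be checked mechanically before the change goes live. This is an added example, not part of the original thread: the ACL name VPN-ACL and the partner-side text are constructed, and the parser assumes only the plain "permit ip network mask network mask" form shown in the reply (no host or any keywords).

```python
import re

# Matches the "permit ip <src> <src-mask> <dst> <dst-mask>" form used in the thread.
ENTRY = re.compile(r"permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_entries(config_text):
    """Return the set of ((src, mask), (dst, mask)) pairs found in ACL lines."""
    entries = set()
    for line in config_text.splitlines():
        m = ENTRY.search(line)
        if m:
            src, smask, dst, dmask = m.groups()
            entries.add(((src, smask), (dst, dmask)))
    return entries

def mirror_gaps(local_text, remote_text):
    """Compare two crypto ACLs; return entries that lack a mirrored counterpart."""
    local = parse_entries(local_text)
    remote = parse_entries(remote_text)
    # Each local entry must appear on the peer with source and destination swapped.
    expected_remote = {(dst, src) for src, dst in local}
    return {
        "missing_on_remote": sorted(expected_remote - remote),
        "unmatched_on_remote": sorted(remote - expected_remote),
    }

# Constructed sample: the PIX side carries both lines from the reply above;
# the partner side (hypothetical) was not yet updated with the new network.
PIX_ACL = """\
access-list VPN-ACL permit ip 172.20.2.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list VPN-ACL permit ip 172.20.2.0 255.255.255.0 1.1.1.0 255.255.255.0
"""
PARTNER_ACL = """\
access-list VPN-ACL permit ip 10.10.10.0 255.255.255.0 172.20.2.0 255.255.255.0
"""

if __name__ == "__main__":
    gaps = mirror_gaps(PIX_ACL, PARTNER_ACL)
    for kind, items in gaps.items():
        for (src, smask), (dst, dmask) in items:
            print(f"{kind}: permit ip {src} {smask} {dst} {dmask}")
```

An entry reported as missing_on_remote is traffic the PIX will try to encrypt but the partner firewall has no matching selector for, so that network will not pass through the tunnel until the partner adds the mirrored line.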