tks

do you know a way to setup a ipsec tunnel on a PIX using something different from a phisical interface ?

This was the reason of my question...

I want use only 1 internet ip address since I have few of these...

There is no mechanism on the PIX to specify a different source address for the IPSec tunnel. I must admit though that I am confused as to why you are trying to do this.

Scott

Hi Scott

it's quite easy. :-)

Since our customer's firewall is connected to internet via our private MPLS network and since our MPLS network provides private ip addressing, I have tought to provide the customer one public ip address to establish the IP SEC tunnel...

But you said the IP SEC tunnel couldn't be established via loopback interface... so do you have other ideas to face this problem ?

tks!

ric

OK, I wasn't thinking along these lines. Very interesting setup.

I can't think of anyway to accomplish what you are trying to do on the PIX. You will most likely need to either establish the tunnel from the router outside the PIX or add a router inside the PIX and allow the IPSec traffc though the PIX to terminate the tunnel.

Sorry I don't have better info on this.

Scott

Hi Scott,

another question.

Since I understood from the previus post that PIX doesn't support loopback interface (with the purpose to open IPsec tunnels), and I have to save piblic ip addressing to connect my router to the outside customer PIX, do u know if PIX support /31 addressing so I save 2 ip addresses versus a /30...

tks

Ric