cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
631
Views
0
Helpful
3
Replies

pix nat with tunnel

kasame141006
Beginner
Beginner

Hi All,

I have posted a couple of times on this already, but still cant quite get my head around it as I seem to be getting more confusing.

All i need to do / know that suppose we have a vpn tunnel working on pix506 perfectly and natting is also being performed well and our "hostA" can connect to there "server A".

But now we have to make "host B" connect to "server B", it's not important that we go through the vpn tunnel to make them talk to each other, i mean without the vpn tunnel can ping "server b" from the pix and thats why i suppose it would not be wise to go through the vpn tunnel for this.

Anyways, how do i do that, check the diagram.

3 Replies 3

CSCO10723456
Beginner
Beginner

Hi kasame,

so if i can understand you right, you would like to get connectivity between Host-B and server-B without passing through the tunnel at all??

if that is true, you need to have a static NAT configured for server-B on the partner firewall to a public IP address, you also need to have some sort of translation for host-B as well on the PIX firewall (if PAT is configured that will do fine)

regards,

Shadi`

thanks shadi,

but what if i want to pass through the tunnel what should i do?

hi,

to do that you need to add the server-B network to the vpn access-list (on both firewalls) that will make the access-list on the PIX look something like this:

permit ip 172.20.2.0 255.255.255.0 10.10.10.0 255.255.255.0 (old line)

permit ip 172.20.2.0 255.255.255.0 1.1.1.0 255.255.255.0 (added new line)

remember that you also need to mirror this access list on the other side to get the tunnel passing both networks.

regards,

Shadi`

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers