Router (With Dynamic IP) to PIX

hywel.ifans · ‎07-02-2002

Hi, central site has a PIX 506 and the remote sides are a mix of PIX to broadband, router to ISDN and Dial-up clients. Customer cannot get static IP at each of the router (ISDN) sites, therefore I need to make the link to the central site with dynamically assigned IP address on the router's public interface. I've tried not to both by using a VPN Client on each PC behind the routers, however (I believe that I'm correct in saying this) because the routers NAT this doesn't work.

Any thoughts or sample configs?

awaheed · ‎07-02-2002

Hi,

Actually if you use Static NAT (One to One translation) then this should work for the Clients coming in from behind the Router connecting to the PIX Firewall, but if you do PAT on the Router for the VPN client going out then because no IPSEC/NAT is being done in case of PIX this will not work.

Hope this answers your question,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933

-=-=-=-

hywel.ifans · ‎07-17-2002

Thanks for the response, but having played with it a lot I have got it working without static nat. I believe that you are absouloutely correct in what you say, but if you make the router and the PIX the two end points and then by-pass NAT for IPsec traffic it will work. The problem is if you want to make your PC and the PIX the two end-points. In that case you would indeed be forced to static NAT.

Got there in the end! Incidentally if anyone wants a copy of the config e-mail me.