Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
0
Helpful
1
Replies

Accessing a system using global IP via vpn tunnel

ansar
Level 1
Level 1

‎02-18-2005 07:36 AM - edited ‎02-21-2020 01:37 PM

Dear all

I am using pix 515. I have one system (sys1) in dmz. one of my company partner wants to access the system using site to site vpn. site to site vpn has been established. Partner can reach my network using their private ip and vice versa. Problem is partner wants to access sys1 using global ip (via vpn tunnel) not by sys1 private ip.

As I understand, we use access control lists (ACLs) to tell the PIX not to do network address translation (NAT) to the private-to-private network traffic.

Can I NAT the sys1 private ip to one global ip and use ACL to classify the global ip as interested traffic for the encryption, it will work ?

pls post me if there is any working config , or post me the config URL.

Kind Regards

chand

Labels:
0 Helpful
1 Reply 1

Patrick Iseli
Level 7
Level 7

‎02-18-2005 10:41 AM

VPNs are allways connecting inside the VPN Tunnel with Private IPs never with Public IPs. A little bit strange what they are asking you.

The reason might be that they have the same private IP Range on their site and so they have a routing issus. If this is the case then you can NAT the overlapping Networks with a static on the outside interface. See this example:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113571

I do not think this will work with a NAT on its global public IP. As this IP is physicly binded to a outside interface, IP Range. But I have never tryed to make something like that working.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents