Gateway to Gateway VPN on PIX with single interface

mvanosdall · ‎10-23-2001

Wondering if it is possible to use the same interface on a PIX for the VPN Tunnel Peer and the hosts that you are trying to access. We have not got this to work. Wondering if it is possible and if so how and if not why?

Thanks

ciscomoderator · ‎10-29-2001

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

nvekaria · ‎10-30-2001

This should be OK. I use PIX 506s which only have two interfaces (one for inside one for outside) to establish VPN tunnels with other PIX 506s across the Internet and also present statically translated hosts (RIPE addresses) on the same (outside)interface.

Points to note.

Use normal methods for your internet access using global, nat, access-list, access-group commands. Use static mappings with RIPE registered addresses for allowing outside users to connect to inside hosts.

Establish your VPN and tie it to a nat 0 access-list to exempt this traffic from using the firewalls NAT services.