10-23-2001 10:05 AM - edited 02-21-2020 11:27 AM
Wondering if it is possible to use the same interface on a PIX for the VPN tunnel peer and the hosts that you are trying to access. We have not got this to work. Wondering if it is possible and, if so, how, and if not, why?
Thanks
10-29-2001 04:11 PM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.
10-30-2001 03:38 AM
This should be OK. I use PIX 506s, which only have two interfaces (one for inside, one for outside), to establish VPN tunnels with other PIX 506s across the Internet and also present statically translated hosts (RIPE addresses) on the same (outside) interface.
Points to note.
Use normal methods for your internet access using global, nat, access-list, access-group commands. Use static mappings with RIPE registered addresses for allowing outside users to connect to inside hosts.
Establish your VPN and tie it to a nat 0 access-list to exempt this traffic from using the firewall's NAT services.
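
The setup described in the reply above, sketched as a PIX 6.x-style configuration. This is an added example, not part of the original post: all addresses (RFC 1918 and RFC 5737 documentation ranges), the ACL, crypto map and transform-set names are constructed, the pre-shared key is a placeholder, and the crypto parameters are illustrative only.

```text
: --- Assumed addressing (constructed for this example) ---
: local inside LAN   192.168.1.0/24
: remote inside LAN  192.168.2.0/24
: remote VPN peer    198.51.100.2
: published host     192.168.1.10 -> 203.0.113.10

: Traffic between the two LANs: exempt from NAT and protect with IPsec
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

: Normal Internet access for everything else (PAT on the outside interface)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: Static mapping for an inside host reachable from the outside,
: with only the required service permitted inbound
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: Let decrypted tunnel traffic bypass the inbound ACL on the outside interface
sysopt connection permit-ipsec

: IPsec tunnel terminated on the same outside interface
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address nonat
crypto map vpnmap 10 set peer 198.51.100.2
crypto map vpnmap 10 set transform-set vpnset
crypto map vpnmap interface outside

: IKE phase 1 (replace <PRE-SHARED-KEY> with your own secret)
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 198.51.100.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

The same ACL is used here for both the NAT exemption and the crypto map match; with `sysopt connection permit-ipsec` enabled, tunnel traffic is not filtered by `outside_in`, so the remote LAN should be one you trust or filter elsewhere.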