08-24-2004 09:44 PM - edited 02-21-2020 01:18 PM
We have to Create a IPSEC VPN from a PIX (1) - Site A to Cisco Router (2) - Site B over the internet. Set has been shown below.
PIX -------INTERNET---------Firewall--------Router
(1) (2)
Site A Site B
PIX is having the Public IP and Router is having the Private IP. Can we configure the VPN tunnel from PIX Public to Router Private IP by doing the Satic NAT of the Router Private IP on the Firewall of Site B.
Could someone provide a sample configuration for the same.
08-24-2004 09:50 PM
The above setup has not been pasted correctly. Mention below is the correct setup
PIX (1) is SITE A and Router (2) is Site B.
08-25-2004 09:18 PM
I think the configuration required on the router and PIX is usual Lan2Lan IPSec configuration when the tunnel-end points are getting NAT'd. If you are using preshared key, you need to make use of post NAT'd address of PIX tunnel-end point address in the preshared key configuration and also with setpeer address in crypto map.
There is an example for configuration between two routers with a PIX firewall doing NAT for one of the end-points. Refer to the following link:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml
HTH
krishna
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide