11-21-2002 01:29 PM - edited 02-21-2020 12:11 PM
Hello! I have a PIX 525 and on a handful of VPN connections I need to present myself as coming from an address that is different than my internal addresses. Is this possible on the PIX? Thanks for your help!
Tom
11-22-2002 12:20 AM
Hi Tom,
It's definitely possible to do, as the operation of NAT occurs before it goes through the IPSec process through the PIX firewall. The following URL would show you how the packets can be statically NATted through the VPN tunnel: http://www.cisco.com/warp/customer/707/vpn_pix_private.html
Hope this helps,
Regards,
Aamir Waheed
Cisco Systems, Inc.
CCIE#8933
-=-=-
11-22-2002 08:51 AM
Aamir,
Thank you for your help! The problem I'm running into is that I need to NAT based on destination. I have a handful of tunnels that need to be presented as coming from different IP blocks while the remainder are fine with a nat (inside) 0 command. It looks to me like a VPN concentrator will do what I need instead of the PIX. Again, thanks for your help!
Tom
11-22-2002 12:18 PM
Hi Tom,
Actually the link which I sent you has the PIX doing exactly what you are looking for. Although the CVPN3000 can do this with the latest release: http://www.cisco.com/warp/public/471/config_vpn_3k_site.html, you should still be able to accomplish your tasks using the PIX firewall.
In case you need help in understanding how it's working, feel free to open up a TAC case on this as well or feel free to ask me questions on it.
Hope this helps,
Regards,
Aamir
-=-=-
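Added example, not part of the thread or of the linked Cisco documents: a PIX configuration fragment for destination-based NAT ahead of IPSec, assuming a software release that supports policy NAT (`static ... access-list`). All addresses, ACL names and the crypto map name `vpnmap` are constructed, and the rest of each crypto map entry (peer, transform set) is assumed to exist already.

```text
! Constructed addressing (assumptions, not from the thread):
!   inside LAN          10.1.1.0/24
!   partner A (remote)  192.168.50.0/24  must see us as 172.16.10.0/24
!   partner B (remote)  192.168.60.0/24  is fine with our real addresses

! Partner A: translate the source only when the destination is partner A.
access-list nat-to-a permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
static (inside,outside) 172.16.10.0 access-list nat-to-a

! Partner B: exempt from NAT, as with the existing nat (inside) 0 tunnels.
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.60.0 255.255.255.0
nat (inside) 0 access-list nonat

! NAT runs before IPSec, so each crypto ACL must match the packet as it
! looks AFTER translation. For partner A that is the presented block,
! not 10.1.1.0/24.
access-list crypto-a permit ip 172.16.10.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list crypto-b permit ip 10.1.1.0 255.255.255.0 192.168.60.0 255.255.255.0

crypto map vpnmap 10 match address crypto-a
crypto map vpnmap 20 match address crypto-b
```

If the crypto ACL for partner A were written against 10.1.1.0/24, translated traffic would no longer match it and would not be protected by that tunnel, so check the translated source with `show xlate` and the per-tunnel counters with `show crypto ipsec sa` after applying the change.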