cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
372
Views
0
Helpful
1
Replies

PAT'ng with VPN

mjsully
Level 1
Level 1

Is it possible to PAT a group of addresses to the external ip address of a PIX and at the same time have that same outside interface as a tunnel endpoint for sending the PAT'd addresses out to the peer address of the pix?

1 Reply 1

jose.couto
Level 1
Level 1

I think that it is not possible to do what you want. For lan-to-lan tunnels, you should use NAT, not PAT, as the other end may initiate the IPsec negotiation (in fact, most of the configuration examples I have seen tell you to disable NAT). To which internal IP address will the PIX deliver a packet sent to the PAT address?

Regards.