cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
508
Views
5
Helpful
4
Replies

PIX query/PAT and VPN

n.oneill
Level 1
Level 1

Is is possible to use a single IP for outbound PAT for internet access, inbound PAT for SMTP and to terminate an IPSec VPN?

I have had problems with a remote access VPN and am investigating whether or not this would cause the problem.

4 Replies 4

shannong
Level 4
Level 4

Yes. You can functionaly use a single IP on a Pix to provide all of those functions. What kind of IPSec connection? Dynamic or static? Post your crypto/isakmp config.

Thanks

The VPN will be dynamic. It is to provide remote access.

baileja
Level 1
Level 1

access-list 100 permit tcp any any eq 80

nat (inside) 1 access-list 100

global (outside) 1 interface <-- or single IP

access-list 101 permit tcp any host x.x.x.x eq 25

access-list 101 permit tcp any host x.x.x.x eq ??

nat (inside) 2 access-list 101

global (inside) 2 interface <-- or single IP

Just replace the x.x.x.x's above with your mail server and your VPN termination IP addresses and the ?? with your VPN ports (add more if necessary) I am assuming that your VPN termination is something other than your PIX?

Thanks for the post but my config works ok - just a reboot was required so I guess I had some entries in the xlate table that needed clearing.

Cheers