Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
2
Replies

PIX to Concentrator VPN with NAT

arnis
Level 1
Level 1

‎05-27-2005 03:18 AM

I have the following issue

one site with a PIX and the other with a Concentrator

VPN tunnel between them

they have onverlaping networks, and I need the PIX side to do NAT for traffice before it goes into the tunnel, can the PIX do this, like the concentrator can ?

or could I use the Concentrator for this i.e. make him nat the addresses the pix is sending through the tunnel, I am not seeing that it would work, as then the security acl´s would not be able to match on both sides

any thoughts ?

Labels:
0 Helpful
2 Replies 2

robroutt74
Level 1
Level 1

‎05-27-2005 06:14 AM

If it were me, I would NAT my outbound traffic prior to it hitting PIX or NAT the traffic inbound coming from the far end after it hits your PIX. I have had issues trying to make this work by natting towards the ipsec interface.

HTH.

0 Helpful

nevjam
Level 1
Level 1
In response to robroutt74

‎05-30-2005 04:36 PM

You can use the PIX to nat before going into the ipsec tunnel. In earlier versions of PIX you didn't have the ability to NAT based on the destination network. So if you Natted for the tunnel and used the same interface for internet connectivity the edge router would have to then do another nat when traffic was destined for the internet. As of the latest version of PIX you can do a NAT based on the destination network.

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113601

0 Helpful
Customers Also Viewed These Support Documents