PIX w/VPN and NAT

cclark
Level 1

I'm configuring two PIXes for LAN-to-LAN VPN. I have 3 public addresses. What is the proper way to assign the addresses? I want .1 for the outside interface, .2 for the VPN (no NAT), and .3 for internal users NAT/PAT. Is this OK? Do I need NAT & global statements for VPN? Thanks

1 Reply

mostiguy
Level 6

LAN-to-LAN tunnels are associated with the PIX's outside IP addresses. You could do what you seek with just one IP address. After you use one IP for the outside interface, you can assign the 2 others to the global pool.

You will have:

nat (inside) 1 0 0 (enable NAT for everything)

nat (inside) 0 access-list xxxx (selectively disable NAT)

access-list xxxxx (specify subnets for which you will not be using NAT: most likely, the IP range used internally on the other PIX for the LAN-to-LAN tunnel, and the IP range you will assign to VPN users via ip local pool)
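
The statements from the reply, put together as an added example that is not part of the original post. It assumes PIX 6.x syntax; every address is constructed (192.0.2.0/29 as the public block, 10.1.1.0/24 as the local inside LAN, 10.2.2.0/24 as the peer's inside LAN, 10.9.9.0/24 as the VPN user pool), and the names nonat and vpnpool are hypothetical.

```cisco
: Constructed example, PIX 6.x syntax. All addresses and names are placeholders.
: The outside interface takes the first public address; the tunnel terminates here.
ip address outside 192.0.2.1 255.255.255.248
ip address inside 10.1.1.1 255.255.255.0

: Pool handed to remote VPN users (only needed if VPN clients are served too).
ip local pool vpnpool 10.9.9.1-10.9.9.254

: Traffic that must enter the tunnel untranslated: local LAN to the peer's
: inside LAN, and local LAN to the VPN user pool. Keep this list as narrow
: as the tunnels require, because anything it matches skips translation.
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.9.9.0 255.255.255.0

: NAT id 0 is the exemption: traffic matching the ACL is not translated.
nat (inside) 0 access-list nonat

: NAT id 1 translates everything else leaving the inside interface...
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: ...to a PAT address taken from the remaining public addresses.
global (outside) 1 192.0.2.3
```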