
Site-to-site VPN and NAT

dmayne
Level 1

We have a PIX 506 with 2 site-to-site VPNs and 1 connection to a webserver. We recently changed our internal IP addresses to 10.x.x.x. The 2 site-to-site VPNs require access to the same server (saprouter) by different organizations. We have reconnected to one vendor (exempt from NAT); however, the 2nd vendor cannot use the 10.x.x.x. We only have one public IP address on the outside interface. Is it possible to configure NAT to translate the saprouter (10.x) to use the outside IP address without affecting the other site-to-site connection?

2 Replies

teschweizer
Level 1

I had the same problem a couple of times. However, I was always using IOS routers for the site-to-site VPNs. With IOS you can use GRE over IPsec. In such a configuration you can have a NAT on the tunnel (GRE) interface and you can NAT your internal IP address to another address that better fits your vendor. I don't think you can do that with a PIX.

I resolved the issue by adding a NAT table entry using a new public IP address (not the outside IP) to translate the internal saprouter address.
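
A sketch of the resolution described above in PIX 6.x syntax, added here as an example and not taken from either poster's configuration. Every address, ACL name and the crypto map name and sequence numbers are constructed assumptions: saprouter is 10.1.1.10, the new public address is 203.0.113.10, vendor 1 is 192.168.10.0/24 and vendor 2 is 172.16.20.0/24.

```text
! --- Vendor 1: reaches saprouter on its real 10.x address ---
! NAT exemption (nat 0 access-list) is evaluated before static NAT,
! so traffic matching this ACL is never translated.
access-list nonat permit ip host 10.1.1.10 192.168.10.0 255.255.255.0
nat (inside) 0 access-list nonat

! Crypto ACL for vendor 1 uses the untranslated source address.
access-list vendor1 permit ip host 10.1.1.10 192.168.10.0 255.255.255.0
crypto map vpnmap 10 match address vendor1

! --- Vendor 2: cannot route 10.x, sees saprouter as 203.0.113.10 ---
! One-to-one static translation to the new public address
! (not the outside interface address).
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! NAT happens before IPsec, so the crypto ACL for vendor 2 must match
! the translated address, and the vendor's matching ACL must name
! 203.0.113.10 as the remote host.
access-list vendor2 permit ip host 203.0.113.10 172.16.20.0 255.255.255.0
crypto map vpnmap 20 match address vendor2
```

Because the static entry also makes saprouter addressable from the Internet side, the ACL bound to the outside interface should permit nothing to 203.0.113.10 from sources other than the tunnel, and `show xlate` can be used to confirm which translation each vendor's traffic actually hits.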