Hi,
I want to establish a VPN tunnel from a PIX to another IPSec gateway
in the following way:
Local network: 172.16.22.0. This network should be natted to a global
IP, say, 202.125.145.31.
Destination host: 10.253.96.1
Remote Peer: 208.207.82.72
Users from 172.16.22.0 should only be able to access the FTP service
on the destination host. The local network needs to be natted to a
valid IP address because the remote site security policy does not
permit any communication with invalid/private IP addresses.
The IKE policy for the tunnel would be: HMAC-MD5, 3DES
IPSEC SA: ESP-3DES ESP-HMAC-MD5
Would the following config work:
NAT 172.16.22.0 to the global IP 202.125.145.31:
nat (inside) 4 172.16.22.0 255.255.255.0
global (outside) 4 202.125.145.31
Define my interesting traffic:
access-list 115 permit ip host 202.125.145.31 host 10.253.96.1
Control access to the remote host:
access-list 116 permit tcp 172.16.22.0 255.255.255.0 host 10.253.96.1 eq ftp
access-list 116 permit tcp 172.16.22.0 255.255.255.0 host 10.253.96.1 eq ftp-data
access-group 116 in interface inside
Define access-list 115 as my interesting traffic:
crypto map map01 2 match address 115
Use ESP-3DES ESP-HMAC-MD5 as my transform-set.
Regards,
Siddhartha
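As an added example (not part of Siddhartha's post), here is how those fragments fit together into a complete PIX 6.x configuration for the scenario described: PAT the inside network to 202.125.145.31, restrict inside users to FTP on 10.253.96.1, and encrypt the translated traffic to the peer 208.207.82.72 with 3DES/HMAC-MD5. The post does not say how the peers authenticate, so pre-shared key authentication, DH group 2, the ISAKMP policy number 10, the transform-set name `strong` and the placeholder `<shared-secret>` are all assumptions here.

```cisco
! --- NAT: hide 172.16.22.0/24 behind the single global address (PAT) ---
nat (inside) 4 172.16.22.0 255.255.255.0 0 0
global (outside) 4 202.125.145.31

! --- Interesting (crypto) traffic: matched AFTER translation, so it must
!     name the global address, not the private network ---
access-list 115 permit ip host 202.125.145.31 host 10.253.96.1

! --- Inbound filter on the inside interface: matched BEFORE translation,
!     so it names the private network. Only FTP to the destination host. ---
access-list 116 permit tcp 172.16.22.0 255.255.255.0 host 10.253.96.1 eq ftp
access-list 116 permit tcp 172.16.22.0 255.255.255.0 host 10.253.96.1 eq ftp-data
access-group 116 in interface inside

! --- Let decrypted return traffic from the tunnel bypass the outside ACL ---
sysopt connection permit-ipsec

! --- Phase 2 (IPSec SA): ESP-3DES with HMAC-MD5 ---
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map map01 2 ipsec-isakmp
crypto map map01 2 match address 115
crypto map map01 2 set peer 208.207.82.72
crypto map map01 2 set transform-set strong
crypto map map01 interface outside

! --- Phase 1 (IKE): 3DES, MD5; pre-shared key and group 2 are assumptions ---
isakmp enable outside
isakmp identity address
isakmp key <shared-secret> address 208.207.82.72 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

Two points worth checking on the box itself. First, the order of operations is what makes this work: the PIX applies the inside `access-group` and then the `nat`/`global` translation before it evaluates the crypto map, so ACL 116 sees 172.16.22.x sources while ACL 115 sees only 202.125.145.31, and the remote peer never sees a private address. Second, because only one global address is configured this is PAT, not a one-to-one NAT, so every inside user appears to the remote site as 202.125.145.31 and the remote peer's crypto ACL must mirror that (10.253.96.1 to host 202.125.145.31). Active-mode FTP data connections back from the server are handled by the default `fixup protocol ftp 21` together with `sysopt connection permit-ipsec`; `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the Phase 1 and Phase 2 SAs come up and that encrypt/decrypt counters increase when a user opens an FTP session.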