05-06-2004 10:53 AM - edited 02-21-2020 01:08 PM
I have a user from another company that needs to access his Company VPN, which is a PIX. He is having to go through our PIX to do it. I only have 1 IP at the site in question (its DSL). Can this be done.
Thanks
05-06-2004 11:25 AM
I don't believe so, since you only have one (public) address the pix will get confused with the esp traffic thinking that it directed to it instead of the client behind it.
I would contact the other company's vpn/firewall admin and see if you can setup a site-to-site vpn between your pix and the other one.
05-06-2004 12:42 PM
Actually, you can accomplish this for a single internal VPN client by using a new feature in the PIX 6.3 code - http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63rnotes/pixrn63.htm#67762
Another option would be to have the other side configure VPN Nat-Traversal if they are running 6.3 code as well - http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00801a6d21.html#65230
Hope this helps.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide