cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
457
Views
0
Helpful
3
Replies

VPN into PIX 506 behind home network using PAT

btucke
Level 1
Level 1

I have a home network with all devices accessing the Internet via Internet Connection Sharing to a machine with a xDSL modem. I know ICS uses PAT and this will not work with the current VPN client into the PIX; but, will a xDSL router/modem with a built in 8-port switch be the same or will it consider each machine connected directly to the router/modem and allow a VPN connection? If this will not work, are there any suggestions on how to accomplish this?

3 Replies 3

mmellet
Level 3
Level 3

Only the concentrator supports NAT transparency mode which is what you’ll need for this to work. PIX may support this in the future but not today.

There is a way to achieve the result (I am currently using it with a C803). If you ADSL device is capable of terminating VPN, you can configure it to use the external address as VPN endpoint and therefore it would work. A possible solution is to use a c827 with ip/fw plus 3des (or des) software.

If I have in a central office a VPN 3000 concentrator with Public IP address, and if in my branches I have a PIX behind a router doing PAT which is providing Internet access with negotiated IP address (not capable of terminating VPN and I don't have access to its configuration). Can I configure the PIX for allowing all the computers in the branch office to access my central office throug IPSEC VPN? If yes HOW?