03-01-2007 09:10 PM - edited 02-21-2020 02:53 PM
I have a Pix 525 with 7.2(2). I have the outside interface to a GSR using private IPs. I want external people to be able to establish an IPSEC Tunnel to this pix using a public IP. The GSR routes the public IP to the Pix. How can I assign the public IP to the outside interface so that it will establish the IPSEC Tunnels?
Thanks
LK
03-04-2007 05:49 AM
Hi,
If the GSR is doing static NAT for the Outside interface IP address to a public IP, then you are all set. Just configure the PIX the way it should be, and the VPN will work.
You don't have to do anything else.
-Kanishka
03-04-2007 07:46 PM
Hi LK,
A couple of things that you need to take care of:
1. GSR is doing a static NAT for the outside IP of the PIX to a public IP.
2. GSR is not blocking any protocols/ports used for VPN. E.g. for IPSEC VPN, you need to make sure that UDP 500, UDP 4500 and ESP are open. Please also make sure that NAT-T is enabled on the PIX.
HTH,
Please rate if it helps,
Regards,
Kamal
03-05-2007 10:11 AM
The GSR is not doing any NAT.
The GSR is blocking nothing.
The Pix has a public IP that is directly connected to the GSR. This is the Gig-e link between them. The GSR has a static route to another public IP that points to the Pix. What I want to do is configure the Pix so that external people can make an IPSEC connection to the second public IP. Not the interface IP. Is that possible?
Thanks
LK
03-05-2007 10:22 AM
Hi,
The VPN tunnel can terminate only on one of the interfaces of the PIX.
The IP address for the VPN tunnel has to be assigned to some interface.
Hope this helps.
-Kanishka
03-07-2007 07:06 AM
That's what I was afraid of. Thanks a lot for the help.
03-05-2007 11:52 PM
Hi LK,
No, this is not possible. You need to connect to the interface IP.
Regards,
Kamal