Where to NAT? Site-to-Site VPN (PIX with 3005 in DMZ)

Unanswered Question

My configuration is such that my 3005 sits in the DMZ of my PIX. I am creating a L2L VPN with a business partner.

The partner has requested NO RFC1918 through the tunnel. Thus I need to NAT the FTP host that this partner will access. This FTP host is in my internal 172.20.x.x network.

I am confused as to where I should perform the NAT. On the PIX or on the 3005 or both.

The connection layout is:

Internet to Public on PIX

3005 to DMZ on PIX

Both PIX and 3005 have Private Interfaces to my network.

My gut is telling me the NAT should be on the PIX but I am letting the L2L confuse me on how it should all work.

Any assistance would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion