Site to Site VPN w/NAT traversal design question

Answered Question
May 3rd, 2007

Hi, I have a number of site to site VPNs which terminate on a PIX. I plan to migrate these VPNs to a router that is sat on a DMZ connected to the PIX. Before I do that I'm going to configure a new VPN to terminate on the router but I also need the VPNs that terminate on the PIX to not be affected.

If I configure NAT traversal on the PIX, will my other VPNs be affected?

Many Thanks in Advance

Dom

Correct Answer by haroon.shaikh about 9 years 8 months ago

Hi Dom,

Why do you want to configure NAT-Traversal on the PIX if you are going to terminate your VPN on the router (which is on the DMZ)?

Are you doing any NAT on the PIX through to the router?

If you want to configure NAT-Traversal it should be configured on the end devices (on Router in your case).

Example:

When a user with a Cisco client or a Cisco router behind NAT wants to connect to another device (such as a PIX, ASA or router), NAT-T should be configured on the end device (which will be the PIX or ASA).

Hope that helps.

* Please rate the post

haroon.shaikh Thu, 05/03/2007 - 23:52

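The answer above places NAT-T on the devices that terminate the tunnel. As an added example (not part of the original thread), this sketch shows the NAT-D check from RFC 3947 that the two IKE endpoints run themselves, which is why a firewall in the path needs no NAT-T setting for tunnels it does not terminate. The cookies, the addresses and the use of SHA-1 as the negotiated hash are assumptions made for the demonstration.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port). SHA-1 is assumed here."""
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def build_nat_d(cky_i, cky_r, local, remote):
    """Payloads an endpoint sends: hash of the remote end first, then of its own end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Run by the receiving endpoint against the addresses actually on the packet."""
    dst_hash, src_hashes = payloads[0], payloads[1:]
    return {
        "receiver_behind_nat": dst_hash != nat_d_hash(cky_i, cky_r, *seen_dst),
        "sender_behind_nat": nat_d_hash(cky_i, cky_r, *seen_src) not in src_hashes,
    }

def negotiated_port(result):
    """Endpoints float to UDP 4500 (ESP in UDP) only when a NAT was detected."""
    return 4500 if any(result.values()) else 500

# Constructed sample values: IKE cookies and documentation-range addresses.
CKY_I, CKY_R = bytes(range(8)), bytes(range(8, 16))
ROUTER_DMZ = ("192.168.10.2", 500)    # router on the DMZ (assumed private address)
ROUTER_PUBLIC = ("203.0.113.10", 500) # address the firewall translates it to
PEER = ("198.51.100.20", 500)         # remote site

def router_initiates(translated):
    """Remote peer's view when the DMZ router initiates, with or without NAT."""
    local = ROUTER_DMZ if translated else ROUTER_PUBLIC
    payloads = build_nat_d(CKY_I, CKY_R, local, PEER)
    return detect_nat(CKY_I, CKY_R, payloads, seen_src=ROUTER_PUBLIC, seen_dst=PEER)

def peer_initiates_through_static_nat():
    """DMZ router's view when the peer targets the public address of a static NAT."""
    payloads = build_nat_d(CKY_I, CKY_R, PEER, ROUTER_PUBLIC)
    return detect_nat(CKY_I, CKY_R, payloads, seen_src=PEER, seen_dst=ROUTER_DMZ)

if __name__ == "__main__":
    for name, res in [("router initiates, NAT on firewall", router_initiates(True)),
                      ("router initiates, no NAT", router_initiates(False)),
                      ("peer initiates, static NAT", peer_initiates_through_static_nat())]:
        print(f"{name}: {res} -> UDP {negotiated_port(res)}")
```
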