I am a newbie in PIX!! (nowadays it's ASA). I am creating an IPsec tunnel from PIX with Checkpoint NG R55. I have the config ready with me for PIX but have one doubt about NAT & NO-NAT.
I am configuring a NAT tunnel. In PIX I have configured the VPN ACL as:
permit ip host x.x.x.x y.y.y.y
where, x.x.x.x -> public IP of outside interface of PIX
y.y.y.y -> public IP at Checkpoint (it's a NATed IP on Checkpoint, where the private IPs behind Checkpoint are NATed with a public IP y.y.y.y)
In short, I have allowed traffic between the 2 public IPs only. But in Checkpoint I have written a rule where I have the private IPs behind Checkpoint as source & the private IP range behind PIX as destination. So do I need to write a similar rule in PIX for source & destination, where I have to allow the private IPs at both ends in an ACL? Or will an ACL allowing both sides' public IPs be sufficient? I am attaching my PIX config (IMP.txt).
Help on this would be appreciated.