PIX - VPN client NAT off inside for LAN and NAT off outside for internet

Unanswered Question
Sep 7th, 2007
User Badges:

I'm trying to setup a pix where vpn users are NATed to 2 address.


Internet traffic to the outside interface (PUBLIC IP) and traffic to LAN NATed to the inside interface.


-----> traffic to the WAN x.x.x.x public IP (outside interface)


<LAN>---<PIX>---<WAN>


<---- traffic to LAN NATed to 192.168.254.254 (Inside interface)

Can someone point me in the right direction?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tstanik Thu, 09/13/2007 - 11:03
User Badges:
  • Bronze, 100 points or more

If the VPN clients are also terminating on outside interface then you will have to configure one-arm routing or hairpinning (i.e routing the packets out of the same interface from which they came) on PIX. This feature is only supported on PIX running software version 7.x or 8.0.

Actions

This Discussion