PAT to endpoint

Unanswered Question
Nov 9th, 2007
User Badges:

Our company is going to create an "iVPN" with a partner. The partner company requires:

1. "Model of vpn firewall" (they are using Checkpoint, we use ASA 5510)

2. "One public ip for the partner endpoint"

3. "The public ip addresses inside that tunnel or you can PAT to that endpoint ip"

Number three is what I don't understand. I have setup several l2l and remote vpn's for our network, but I'm not sure exactly what they are requesting.

Can anyone shine some light on this?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Sat, 11/10/2007 - 11:49
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I suspect what they are saying is that they do not want to see the source IP addresses of your clients so they are expecting you to either

1) Use a separate public IP address and PAT all your source IP addresses to that one IP address

2) PAT all your source IP addresses behind the public IP address attached to the outside interface of your ASA5510.

Some companies i have setup VPN's with insist on only receiving public IP addresses through the VPN tunnel.




This Discussion