Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
246
Views
0
Helpful
2
Replies

Configuration possible with 3020 and PIX501?

pkluss
Level 1
Level 1

‎02-11-2008 07:43 AM

I'm trying to setup a VPN configuration with a company that has a 3020 Concentrator and we have a PIX501.

We currently use PAT for all communications with the outside world (except with a few servers that have their own dedicated IPs, which we NAT). When traveling over the VPN tunnel to the 3020, I'd like our hosts to NAT to an address range that is internal to the remote network (they've requested this). Is it possible to set this up?

pk

Labels:
0 Helpful
2 Replies 2

srue
Level 7
Level 7

‎02-11-2008 09:43 AM

I don't know if that would work or not. On both sides your source and destination networks for the VPN would be the same then, and you might get some undesirable results.

You could NAT your network to some other network though that they weren't using on their side, and that wouldn't be a problem. To do this, you would create some sort of policy nat statement using an ACL. Then for your crypto ACL, you just match on traffic from the nat'ed (global) address space.

0 Helpful

pkluss
Level 1
Level 1
In response to srue

‎02-11-2008 09:59 AM

Could you provide an example? I'm having difficulty figuring out how to tell the PIX when to use the NAT and when to use the PAT for the hosts that will be accessing the VPN tunnel.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents