Unanswered Question

Hey all,

I've got a second location with 6503 chassis with FWSMs on the edge of the network.

I'm using the FW to statically NAT the internet IPs to internal IPs using the static command. That's working fine.

However, I also need to set up a VPN connection to the site, terminating on the 'FWSM's VLAN' on the MSFC. So the connection will be on the edge of the FWSM and not actually inside it. I have to do it like this as I understand the FWSM cannot terminate VPNs.

So, in order for me to use internal IP addressing through the VPN and direct to the internal IPs on the inside of the FWSM, I've added an extra static statement to allow this. So:

static (inside,outside) tcp gl_ip 80 lcl_ip 80 netmask

static (inside,outside) lcl_ip_range lcl_ip_range netmask

The FW complains that it overlaps but allows it anyway. I reckon this might be a bit dodgy, but it's all I could come up with that worked, so can anyone think of a better way? I tried adding a nonat access-list and nat statement to the outside interface but that didn't seem to work.

Appreciate the help!

