Configuring VPN for a server that is also accessible from the Internet

Unanswered Question
Nov 2nd, 2003

Not sure if someone has already posted this question before; if so, please refer me to the link.

I am trying to configure a server to initiate a VPN tunnel to a remote server and at the same time allow the server to be accessible from the Internet. The problem is that once I configure static translation for the server, the VPN doesn't want to work. Please advise, because I am not very sure of the characteristics of PIX VPN.

The following is the configuration:

access-list 101 permit ip

access-list nonat permit ip

access-list 100 permit icmp any any

access-list 100 permit ip any host aa.aa.124.165 eq ssh

ip address outside aa.aa.124.164

ip address inside

static (inside,outside) aa.aa.124.165

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0 0

access-group 100 in interface outside

route outside cc.cc.124.1 1

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set cp-digi esp-3des esp-md5-hmac

crypto map peer-1 1 ipsec-isakmp

crypto map peer-1 1 match address 101

crypto map peer-1 1 set peer xx.xx.128.195

crypto map peer-1 1 set transform-set cp-digi

crypto map peer-1 interface outside

isakmp enable outside

isakmp key XXXXXX address xx.xx.128.195 netmask

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 1

isakmp policy 1 lifetime 86400


j-block Thu, 11/06/2003 - 08:22

I don't think this is possible on the PIX. Have you tried it with any other firewall before?

philipmusa Mon, 11/10/2003 - 17:24

The peer is a Checkpoint Firewall. The VPN works when the STATIC command is not configured. Once I configured the translation for the server, the VPN ceases to initialise. Is there any sample configuration or documentation for this kind of setup? I have searched through the Cisco web site but to no avail. I'll advise the customer to capture a debug log for this.


