I need to setup the vpn tunnel between 2 sites.One site has the concentrator another site has the pix 515E.The site engineer from the concentrator side given the below details to configure the pix in my site.
Concentrator site Tunel ip : 168.x.x10
Phase 2 settings
I prefered the both crypto map and isakmp policy then applied it to the firewall and tested found that no tunnel establishment.
They mainly accessing our server with 192.168.100.9.
They want me to translate this ip then do the vpn tunnel config. I confused and come to netpro to get your help.
Please tell me how can i do the tunnel with one site (remote) legal ip address subnet (168.x.x.0/24) and my site rfc 1819 address (192.168.100.0/24)with the ip address 192.168.100.9 to be translated first before the ip sec config.
In real config, the remote admin ask me not to do the anting. So i translated the local server 192.168.100.9 to the loval legal ip given by ISP then the legal ip i made the crypo acl.Now i need to proceed further to finish the config.
Your crypto access-list needs to specify the NAT'ed IP address(es) going to the remote site 168.x.x.0/24 network. You're going to need to NAT the appropriate traffic using policy NAT - nat (inside) 1 access-list NAT-TO-VPN3000.
access-list NAT-TO-VPN3000 permit ip host 192.168.100.9 168.x.x.0 255.255.x.x
Basically, you want to NAT prior to encrypting your VPN traffic. Your crypto ACL must be an exactly mirror of the remote side
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...