Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn connection

Hi, another company is putting a vpn device into our dmz, it has having an external address on it, the external addresses are all routed to our pix firewall, my question is can we put this vpn device on an external address sitting off the back of the pix firewall ?

5 REPLIES
Purple

Re: vpn connection

Hi Carl,

That is certainly possible. Just configure your PIX so that it does not translate the external address that belongs to this vpn device.

Hope that helps - pls do rate the post if it does.

Paresh

New Member

Re: vpn connection

Thanks Paresh, I gather the interface on this pix would also have an ip on the same subnet as the external ip's , am i right ?

The company have asked us to nat this address to internal , is this right, I thought vpn devices would always have an external (real) ip address and not natted, what is the normal setup ?

thanks

Carl

Purple

Re: vpn connection

That's correct.. the PIX interface would have to be in the same subnet.

While it is more common to use public IPs for VPN devices, you can certainly also use NAT'ed addresses, by using NAT traversal.

Here's a link that describes NAT traversal on the PIX:

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278c.html#wp1057446

Hope that helps - pls do rate the post if it does.

Paresh

New Member

Re: vpn connection

would this vpn device of his have an external card and an internal card or would it just have 1 and have to reach internal networks via the pix ?

Purple

Re: vpn connection

I would imagine that it would need at least one internal and one external interface...

PAresh

124
Views
0
Helpful
5
Replies