Re: 3000 VPN Concentrator and Routing

ccoombs · ‎05-23-2002

We are in the process of moving away from the current firewall/VPN solution to a PIX/3000 Concentrator solution. We have approximately 120 vpn users that connect back to our headquarters using VPN software...no LAN-TO-LAN connections.

We do NAT for all internal address's to the internet. Our current firewall NAT's the incomming tunnels to out internal network. Our internal address scheme is a class A address but with a class C subnet.

The problem i have here is that with the 3000 concentrator works with address pools to distribute out addresses to all VPN connections. We do not have enough internal addresses to handle all the VPN connections also.

My question is...

1. Can the concentrator be setup to route an address pool with a different subnet to the internal network?

2. Can I NAT the incomming tunnels to out internal network?

I have asked these questions to my Rep but have yet to hear back. I was wondering if anyone in the group would be able to answer this.

I would love to go with these concentrators but I won't be able to unless I can resolve this problem. I don't have the option at this time to make the switch in the address scheme.

Thanks!

jfrahim · ‎05-23-2002

1. Can the concentrator be setup to route an address pool with a different subnet to the internal network?

Jazib >> Yes

2. Can I NAT the incomming tunnels to out internal network?

Jazib >> You would not be able to nat the incoming tunnels on the concentrator. You would have to use the pix firewall to do that

ccoombs · ‎05-23-2002

Thanks,

The address pool is the way I would prefer to go. I will look into how we set that up.