Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
197
Views
0
Helpful
1
Replies

Can I have 2 tunnels from the same location?

us10610
Level 4
Level 4

‎03-08-2006 01:35 PM - edited ‎03-09-2019 02:11 PM

We've got a remote site with a wireless 871w. It's configured as a site-to-site and has a guest wireless SSID. I've got a problem when a guest user accesses their VPN client back to corporate over the internet, it interferes with the site to site tunnel. The pix sees it as a duplicate address and starts to renegotiate SPI. NAT-T is on the PIX. I have 5 internet address available, if I could figure out the syntax to allow my site-to-site to use the interface IP address and the inside hosts to use another address and over load it I think it would work.

I've been looking at this to long....any help would be appreciated.

Thanks,

Labels:
0 Helpful
1 Reply 1

shijogeorge
Level 1
Level 1

‎03-09-2006 03:49 AM

NAT-T needs to be enabled on the guest’s corporate VPN gateway for this to work fine.

And for NATting to separate public IP,

Nat (inside) 5 10.0.0.0 255.0.0.0

Global (outside) 5 x.x.x.x

0 Helpful
Customers Also Viewed These Support Documents