Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Gateway to Gateway VPN on PIX with single interface

Wondering if it is possible to use the same interface on a PIX for the VPN Tunnel Peer and the hosts that you are trying to access. We have not got this to work. Wondering if it is possible and if so how and if not why?

Thanks

2 REPLIES

Re: Gateway to Gateway VPN on PIX with single interface

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

New Member

Re: Gateway to Gateway VPN on PIX with single interface

This should be OK. I use PIX 506s which only have two interfaces (one for inside one for outside) to establish VPN tunnels with other PIX 506s across the Internet and also present statically translated hosts (RIPE addresses) on the same (outside)interface.

Points to note.

Use normal methods for your internet access using global, nat, access-list, access-group commands. Use static mappings with RIPE registered addresses for allowing outside users to connect to inside hosts.

Establish your VPN and tie it to a nat 0 access-list to exempt this traffic from using the firewalls NAT services.

93
Views
0
Helpful
2
Replies