My home network is 192.168.1.1/24 and the internal network for work is 192.168.1.1/24. Is there a setting in the Pix that will either change the Home's IP address to something else after creating the VPN tunnel so that I can actually talk to IPs on the work network, or do I have to just change my IP scheme over to 10.0.0.1 for home? I would hope there would be a command to avoid having to do in the Pix.
Yes, you can hide all your 192.168.1.x IP addresses at home behind the public IP address of the outside interface on your pix.
So you would need to NAT all your private 192.168.1.x addresses:
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
Then, in your crypto map access-list that defines interesting traffic for the VPN tunnel:
access-list vpn_traffic permit ip host "public IP of your pix" 192.168.1.0 255.255.255.0
Your home pix will NAT your 192.168.1.x addresses to the public IP of your pix, then encrypt them and send them to your work site.
** Note that this solution assumes that all connections will be initiated from your home network to work. If you need to be able to initiate connections from work to home, it can still be done, but it is a more complicated configuration. **
I was looking at the command "IP Pool". Is it possible, when the User initiates a VPN connection to the Pix, to make the Pix send a "Pooled IP" address of something else maybe?
Say, for instance, the Home user has a 192.168.1.1 address. Would it be possible to have the Pix send them a totally different address to use? Maybe something in the 10.0.0.1 range? That'd probably be a little better for my case if that's possible.
1. We nat on the PIX (home device) and on the work device.
We nat it in such a way that when the traffic is going from home to work it appears as 192.168.2.0/24, and when the traffic is going from work to home it appears as 192.168.3.0/24. So the home actually accesses the 192.168.3.0 network and the work accesses the 192.168.2.0/24 network. On the home PIX, the commands should look like:
access-list policy permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
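Added example, not part of the thread or of any poster's configuration: a small Python model of the double NAT described in the reply above, tracing the source and destination addresses of one packet and its reply. It assumes each device maps its own 192.168.1.0/24 one-to-one (host part preserved) onto the 192.168.2.0/24 and 192.168.3.0/24 ranges named in the reply; the function names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")           # real subnet at BOTH sites
HOME_AS_SEEN = ipaddress.ip_network("192.168.2.0/24")  # how work sees home
WORK_AS_SEEN = ipaddress.ip_network("192.168.3.0/24")  # how home sees work

def remap(addr, src_net, dst_net):
    """Assumed 1:1 static translation: keep the host bits, swap the prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    offset = int(addr) - int(src_net.network_address)
    return str(dst_net.network_address + offset)

def home_to_work(src, dst):
    """Trace (src, dst) of a packet from a home host to a work host."""
    if ipaddress.ip_address(dst) in LAN:
        # The overlap problem itself: the host treats this address as
        # on-link, so the packet is never routed to the PIX or the tunnel.
        raise ValueError("destination is in the local subnet; use 192.168.3.x")
    hops = [(src, dst)]                   # as sent by the home host
    src = remap(src, LAN, HOME_AS_SEEN)   # home PIX: source becomes 192.168.2.x
    hops.append((src, dst))               # what crosses the VPN tunnel
    dst = remap(dst, WORK_AS_SEEN, LAN)   # work device: dest back to real host
    hops.append((src, dst))               # as received by the work host
    return hops

def work_reply(src, dst):
    """Trace (src, dst) of the reply from the work host to the home host."""
    hops = [(src, dst)]                   # work host answers 192.168.2.x
    src = remap(src, LAN, WORK_AS_SEEN)   # work device: source becomes 192.168.3.x
    hops.append((src, dst))               # what crosses the VPN tunnel
    dst = remap(dst, HOME_AS_SEEN, LAN)   # home PIX: dest back to real host
    hops.append((src, dst))
    return hops

if __name__ == "__main__":
    # Constructed sample hosts: home .10 talking to work .20
    for hop in home_to_work("192.168.1.10", "192.168.3.20"):
        print("out  ", hop)
    for hop in work_reply("192.168.1.20", "192.168.2.10"):
        print("back ", hop)
```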