Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Home 2 Lan IPSec VPN Tunnel with an Pix

My home network is the internal network for work is Is there a setting in the Pix that will either change the Home's IP address to something else after creating the VPN tunnel so that I can actually talk to IPs on the work network or do I have to just change my IP scheme over to for home? I would hope there would be a command to avoid having to do in the Pix.

Hall of Fame Super Blue

Re: Home 2 Lan IPSec VPN Tunnel with an Pix


Yes you can hide all your 192.168.1.x IP addresses at home behind your public IP address of the outside interface on your pix.

So you would need to NAT all your private 192.168.1.x addresses

nat (inside) 1

global (outside) 1 interface

Then in your crypto map access-list that define interesting traffic for the VPN tunnel

access-list vpn_traffic permit ip host "public IP of your pix""

Your home pix will NAT your 192.168.1.x addresses to the public ip of your pix then encrypt them and send them to your work site.

** Note that this solution assumes that all connections will be initiated from your home network to work. If you need to be able to initiate connections from work to home it can still be done but it is a more complicated configuration **

Let me know if you need more info.



New Member

Re: Home 2 Lan IPSec VPN Tunnel with an Pix

I was looking at the command "IP Pool" is it possible when the User initiates a VPN connection to the Pix to make the Pix send a "Pooled IP" address of something else maybe?

Say for instance the Home user has a address would it be possible to have the Pix send them a totally different address to use? Maybe something in the Range? That'd probably be a little better for my case if that's possible.

Cisco Employee

Re: Home 2 Lan IPSec VPN Tunnel with an Pix


We have 3 main options.

1. We nat on the PIX (home device) and on the work device.

We nat it in such a way that when the traffic is going from home to work it appears as and when the traffic is going from work to home it appears as So the home actually access the network the work accesses the network. On the home PIX commands should look like :

access-list policy permit ip

static (inside,outside) access-list policy

access-list vpn permit ip

The second acl is the crypto ACL that is bound with the crypto map. You will get bidirectional traffic.

2. Implement the previous suggestion. The traffic will be uni-directional i.e. only the home will be able to access the work and NOT vice-versa.

3. Change the IP addressing of the home network.


Please rate if it helps,



New Member

Re: Home 2 Lan IPSec VPN Tunnel with an Pix

No no I think I didn't make myself clear there's no "Home Pix" it's just Home Initiating a VPN connection to the Pix at work.



Is there a way to make it so that the Workpix

makes the Home192.168.1.1 Connection another IP address say That way I could comminicate with the Network on the other side of the WorkPix with no problems.

Sorry for the confusion

Cisco Employee

Re: Home 2 Lan IPSec VPN Tunnel with an Pix

I guess it would be best to change your home network to something other than (Its highly recommended).

As with or without split tunneling, the directly connected network route will always take precedence, so you would not be able to communicate with your office network.

Change your local subnet, and the communication would be fine.

*Please rate if helped.


Cisco Employee

Re: Home 2 Lan IPSec VPN Tunnel with an Pix

The problem was resolved in client version 4.8. You might wanna take a look @

*Please rate if helped.