Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

ed
New Member

How do I setup PIX to Checkpoint IPSec VPN with NAT

I have PIX IPSec VPN to Checkpoint sample config from Cisco.com and it makes sense ok.

Other IPSec sample configs are all based on nat0, but I need to NAT my traffic before it enters the VPN tunnel to the Checkpoint FW, using static nat mappings.

I am running PIX 6.3.2

Has anyone managed to get this working?

4 REPLIES
New Member

Re: How do I setup PIX to Checkpoint IPSec VPN with NAT

Yes, you can use statics if you want. The translation is not IPSec configuration. It is a seperate way to handle the traffic that aids VPN traffic.

So, the bottom line is, you can use statics instead of nat 0.

Paras

New Member

Re: How do I setup PIX to Checkpoint IPSec VPN with NAT

But remember that if you do a static, then it will override the nat/global translations. So, your hosts may not be able to get to the Internet. You may want to consider policy NAT as an option (but the effects of policy nat apply).

New Member

Re: How do I setup PIX to Checkpoint IPSec VPN with NAT

A static translation should work. Just make sure you use a routable IP address otherwise you will be locked out of the Internet.

ed
New Member

Re: How do I setup PIX to Checkpoint IPSec VPN with NAT

thanks for your help

160
Views
0
Helpful
4
Replies