I was wondering if anyone has tried implementing IPSec VPNs to a VLANed interface. I have 2 DSL connections, each with only one static address. I want to pass them through a Cisco router, NAT them, and then forward the IPSec request to one of 2 logical (VLAN) interfaces on the outside interface of the PIX. Is this something that will work?
You mean you have your PIX outside interface connected to a switch as a trunk. You have 2 VLANs linked to the outside interface. You have your VLAN interfaces NATed on the router to public addresses. You want to terminate the IPsec on one of the VLANs. Am I correct?
If this is the case then it should be OK. Just make sure the PIX and router can pass IPsec, and also make sure your PIX allows NAT-Traversal. The device at the other end also needs to support NAT traversal.
Hi guys, thanks for the reply. I actually got a PIX in house this evening, so I will be upgrading the PIX from 7.0(4) to 7.1 and then simulating the environment here at my office. I will let you know what happens over the next day or so.
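A way to check the NAT-Traversal point raised in the reply when simulating the setup, as an added example that is not part of the original thread: it classifies UDP payloads seen on the router or PIX outside interface using the RFC 3948 UDP encapsulation rules (IKE on UDP/500, non-ESP marker, keepalive and ESP on UDP/4500). The function names and the sample datagrams are constructed for illustration.

```python
import struct

NON_ESP_MARKER = bytes(4)               # RFC 3948: four zero bytes precede IKE on UDP/4500
# IKE header: initiator SPI, responder SPI, next payload, version, exchange, flags, msg id, length
IKE_HDR = struct.Struct("!8s8sBBBBII")

def _is_ike(data):
    """True if data starts with a plausible IKEv1/IKEv2 header."""
    if len(data) < IKE_HDR.size:
        return False
    spi_i, _, _, version, _, _, _, length = IKE_HDR.unpack_from(data)
    return spi_i != bytes(8) and version >> 4 in (1, 2) and IKE_HDR.size <= length <= len(data)

def classify(dst_port, payload):
    """Classify one UDP payload by destination port and content."""
    if dst_port == 500:
        return "ike" if _is_ike(payload) else "unknown"
    if dst_port != 4500:
        return "unknown"
    if payload == b"\xff":
        return "nat-keepalive"          # one-byte keepalive that holds the NAT mapping open
    if payload[:4] == NON_ESP_MARKER:
        return "ike-natt" if _is_ike(payload[4:]) else "unknown"
    # Anything else on 4500 is ESP: non-zero SPI (4 bytes) + sequence number (4 bytes)
    return "esp-in-udp" if len(payload) >= 8 else "unknown"

def diagnose(datagrams):
    """Summarise a list of (dst_port, payload) tuples taken from a capture."""
    kinds = {classify(port, data) for port, data in datagrams}
    if "esp-in-udp" in kinds:
        return "NAT-T active: ESP is carried in UDP/4500"
    if "ike-natt" in kinds:
        return "IKE floated to UDP/4500 but no ESP-in-UDP seen"
    if "ike" in kinds:
        return "IKE only on UDP/500: NAT-T not negotiated or UDP/4500 blocked"
    return "no IPsec traffic seen"

# Constructed sample: header-only IKEv1 main-mode message and a dummy ESP packet
_IKE = IKE_HDR.pack(b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, IKE_HDR.size)
_ESP = b"\xc0\xff\xee\x01" + struct.pack("!I", 1) + bytes(16)
SAMPLE = [(500, _IKE), (4500, NON_ESP_MARKER + _IKE), (4500, b"\xff"), (4500, _ESP)]

if __name__ == "__main__":
    for port, data in SAMPLE:
        print(port, classify(port, data))
    print(diagnose(SAMPLE))
```

If a capture only ever shows the UDP/500 result, check that NAT-T is enabled on both peers and that the router forwards UDP/4500 to the PIX.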