Is it possible to have lan to lan tunnel b/w pixes with a natting device
Is it possible to have lan to lan tunnel b/w pixes with a router doing natting between them. Also what if one one vpn endpoint was a router is it possible.
One end pix gets a dynamic ip add from DSL router and all traffic through the DSL router is natted out (1 to 1 natting). The other end is also a pix is it possible. If the other end was a router would be possible.
Re: Is it possible to have lan to lan tunnel b/w pixes with a na
Ipsec will work through a NAT device with no problems, provided it's a one-to-one translation. Just point each PIX to the NAT'd IP address and you should be fine. This will also work with a router-to-PIX tunnel.
Having said that, AH does not work through a NAT device, only ESP, so make sure your IPSec transform doesn't have any AH options in it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...