Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Is it possible to have lan to lan tunnel b/w pixes with a natting device

Is it possible to have lan to lan tunnel b/w pixes with a router doing natting between them. Also what if one one vpn endpoint was a router is it possible.

Scenario,

One end pix gets a dynamic ip add from DSL router and all traffic through the DSL router is natted out (1 to 1 natting). The other end is also a pix is it possible. If the other end was a router would be possible.

1 REPLY
Cisco Employee

Re: Is it possible to have lan to lan tunnel b/w pixes with a na

Ipsec will work through a NAT device with no problems, provided it's a one-to-one translation. Just point each PIX to the NAT'd IP address and you should be fine. This will also work with a router-to-PIX tunnel.

Having said that, AH does not work through a NAT device, only ESP, so make sure your IPSec transform doesn't have any AH options in it.

104
Views
0
Helpful
1
Replies