08-23-2000 12:52 PM - edited 03-08-2019 07:46 PM
(Note: This message was posted as part of the "Ask the Expert" Event on Firewalling that took place August 4-18. Feel free to respond to or form discussions around this question)
Posted by jmalan
VPN client V1.1 should go through NAT (many-to-many), but it will not go through PAT (many-to-one). With respect to a PIX, is this referring to an outbound connection? And is it correct that an inbound VPN client connection can terminate on the inside interface allowing access to the trusted network?
08-30-2000 07:25 AM
To my knowledge, the VPN client (as well as most VPN products on the market today) uses a specific IP protocol where Port Address Translation only works with TCP & UDP. That is why you must have a valid IP address for the client (NAT is okay).
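An added illustration of the reply above (not part of the original thread and not Cisco code): a toy translator showing why port-based translation has nothing to key on for a portless IP protocol, while one-to-one NAT still passes it. ESP (IP protocol 50) is assumed here as the IPsec protocol in question; the addresses, port numbers, and the `Pat` and `static_nat` names are constructed for the example.

```python
import socket
import struct

PUBLIC_IP = "203.0.113.1"   # constructed documentation address
TCP, UDP, ESP = 6, 17, 50   # IP protocol numbers (ESP assumed for IPsec)

def ipv4(proto, src, dst, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

class Pat:
    """Many-to-one: flows are told apart by a rewritten source port."""
    def __init__(self):
        self.table = {}
        self.next_port = 1024  # hypothetical first port in the PAT pool

    def translate(self, pkt):
        ihl = (pkt[0] & 0x0F) * 4
        proto, src = pkt[9], socket.inet_ntoa(pkt[12:16])
        if proto not in (TCP, UDP):
            # Bytes after the IP header are not ports (for ESP they are the
            # SPI), so there is nothing to rewrite or to demultiplex replies on.
            return None
        sport = struct.unpack("!H", pkt[ihl:ihl + 2])[0]
        key = (proto, src, sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return PUBLIC_IP, self.table[key]

def static_nat(pkt, mapping):
    """One-to-one: only the source address changes, so any IP protocol passes."""
    return mapping.get(socket.inet_ntoa(pkt[12:16]))

# Constructed sample packets: two clients sending UDP from port 500, one ESP.
UDP_A = ipv4(UDP, "10.0.0.5", "198.51.100.9", struct.pack("!HHHH", 500, 500, 8, 0))
UDP_B = ipv4(UDP, "10.0.0.6", "198.51.100.9", struct.pack("!HHHH", 500, 500, 8, 0))
ESP_A = ipv4(ESP, "10.0.0.5", "198.51.100.9", struct.pack("!II", 0x1000, 1))

if __name__ == "__main__":
    pat = Pat()
    for name, pkt in (("UDP_A", UDP_A), ("UDP_B", UDP_B), ("ESP_A", ESP_A)):
        print(name, "PAT ->", pat.translate(pkt),
              "| static NAT ->", static_nat(pkt, {"10.0.0.5": "203.0.113.5"}))
```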
08-31-2000 10:16 AM
I have seen the PIX terminate IPsec tunnels on any interface (outside, inside, any number of perimeters) in the lab, but I know it didn't work until recently.
08-31-2000 11:54 AM
You must run PIX version 5.1(2) or greater to terminate tunnels on interfaces other than the outside. (Inside and all perimeter interfaces are now supported for tunnel termination.)