
PIX 515 tunnel with Checkpoint NG R55

dataline
Level 1

Hi All,

I am a newbie in PIX!! (nowadays it's ASA). I am creating an IPsec tunnel from a PIX with Checkpoint NG R55. I have the config ready with me for the PIX but have one doubt about NAT & NO-NAT.

I am configuring a NAT tunnel. In the PIX I have configured the VPN ACL as:

permit ip host x.x.x.x y.y.y.y

where x.x.x.x -> public IP of the outside interface of the PIX

y.y.y.y -> public IP at the Checkpoint (it's a NATted IP on the Checkpoint, where private IPs behind the Checkpoint are NATted with a public IP y.y.y.y)

In short, I have allowed traffic between the 2 public IPs only. But in the Checkpoint I have written a rule where I have the private IPs behind the Checkpoint as source & the private IP range behind the PIX as destination. So do I need to write a similar rule in the PIX for source & destination, where I have to allow private IPs at both ends in an ACL? Or will an ACL allowing both sides' public IPs be sufficient? I am attaching my PIX config (IMP.txt).

Help on this would be appreciated.

1 Reply

sboivin
Level 1

You need to identify the traffic that needs to be encrypted (192.168.10.0-192.168.20.0).

Check out this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00801f0f0c.shtml

It will explain what the ACLs do.
