Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 515 tunnel with Checkpoint NG R55

Hi All,

I am a newbie in PIX!! (now a days its ASA).I am creating IPsec tunnel from PIX with Checkpoint NG R55.I have config ready with me for pix but having one doubt about NAT & NO-NAT.

I am configuring NAT tunnel.In PIX I have configured VPN ACL as:-

permit ip host x.x.x.x y.y.y.y

where, x.x.x.x -> public IP of outside interface of PIX

y.y.y.y -> public Ip at Checkpoint (its a Natted IP on Checkpoint where private IPs behind Checkpoint are Natted with a public IP y.y.y.y)

In short I hv allowed traffic between 2 public Ips only.But in checkpoint I have written rule where I have private IPs behind Checkpoint as source & private IP range behind PIX as destination.So do I need to write a similar rule in PIX for source & destination where I hv to allow private IPs at both end in an ACL?? or ACL allowing both side public IP will be sufficient ???.I am attaching my PIX config (IMP.txt)

Help on this would be appreciated.

Community Member

Re: PIX 515 tunnel with Checkpoint NG R55

You need to identify the traffic that needs to be encrypted(

Check out this link

it will explain what the ACLs do.

CreatePlease to create content