07-14-2003 03:08 AM - edited 02-21-2020 12:39 PM
I am new to setting up a VPN client config on the PIX using a 515e and 6.1.4 software. I am using the config at the URL below and have a question on the ACL. If the internal network is actually using 10.1.1.0, for example, in our network, should I exclude it from the ACL? We are using this address range for PAT with a couple of servers also (static/conduit). If this is the case, I think I should just use 10.1.2.0 for the VPN clients to bypass NAT, right? If this is the case, how is routing handled between the subnets if they need to access the 10.1.1.0 network once they connect over the VPN? I assume this is like a virtual subnet and the PIX will do all the work, but I wanted to make sure.
http://www.cisco.com/warp/public//110/pix3000.html
Thanks,
Greg
07-15-2003 08:19 AM
Hi Greg,
I think what you did is correct. The NAT 0 command will just bypass the NAT/PAT. The routing between the VPN clients and the internal subnet will be taken care of by the PIX, since you just have one internal subnet and that is directly connected to the PIX. Only for the outside (to the internet) would you need a static route on the PIX. Hope this helps you.
Thanks
Jins
07-17-2003 06:46 AM
I discovered the ACL is to be used for the NAT 0 command. The NAT 0 command is used to bypass NAT as the packets are routed from the inside subnet to the VPN subnet and thus do not need NAT. Read the ACL as from source to destination (duh), and this makes sense.
Thanks, Greg!
Greg
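For anyone landing on this thread later, here is the shape of the relevant PIX 6.x configuration the posts above are talking about. This is an added illustration, not the configuration from the Cisco document linked above or from Greg's PIX. It assumes the addressing Greg describes (10.1.1.0/24 on the inside, 10.1.2.0/24 handed out to VPN clients), a 3DES license, and made-up names: the ACL name "nonat", the address pool "vpnpool", the group "vpnclients", the transform set "vpnset", the dynamic map "dynmap", the crypto map "outsidemap", and the placeholder group password. The existing nat/global pair that PATs internal hosts to the internet is kept so the two NAT rules can be seen side by side.

```cisco
! Inside hosts reach the internet through PAT on the outside address (unchanged).
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface

! ACL read as source -> destination: inside subnet talking to the VPN client pool.
! This is the traffic that must NOT be translated.
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

! nat 0 with an ACL: traffic matching "nonat" bypasses NAT/PAT entirely.
! It is checked before the "nat (inside) 1" rule above, so internet-bound
! traffic from 10.1.1.0/24 is still PATed while VPN-bound traffic is not.
nat (inside) 0 access-list nonat

! Pool the PIX hands to VPN clients; it is a separate subnet from the inside LAN,
! so the PIX knows the route to it (pool) and to 10.1.1.0/24 (directly connected).
ip local pool vpnpool 10.1.2.1-10.1.2.254

! Let decrypted IPsec traffic in without needing a conduit/ACL on the outside.
sysopt connection permit-ipsec

! IKE phase 1 for the client group (assumed: 3DES/SHA, pre-shared key, group 2).
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! IPsec phase 2 with a dynamic map, since client addresses are not known in advance.
crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map outsidemap 10 ipsec-isakmp dynamic dynmap
crypto map outsidemap interface outside

! VPN client group: address pool, idle timeout, and the group pre-shared key.
! The same "nonat" ACL doubles as the split-tunnel list, so clients only send
! traffic for 10.1.1.0/24 through the tunnel.
vpngroup vpnclients address-pool vpnpool
vpngroup vpnclients idle-time 1800
vpngroup vpnclients split-tunnel nonat
vpngroup vpnclients password ********
```

Two things worth checking once this is in place: `show xlate` should show no translation entries for 10.1.1.x hosts talking to 10.1.2.x clients (if it does, the nat 0 ACL is not matching, usually because the source and destination were written in the wrong order), and the split-tunnel list should be kept as narrow as the nat 0 list, because any destination listed there is reachable by the client in the clear through the tunnel without passing the outside interface's conduits or ACLs.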