Cisco Support Community
New Member

PIX NAT and IPsec

I have a PIX that has statically translated IPs for servers. For example, say the outside IP of a server is 172.1.1.1 and the inside is 10.1.1.1. I also have an IPSec tunnel with some vendors that can build a tunnel with my PIX for the 10.1.1.0 network.

Is there any way I can build a tunnel with them for 172.1.1.1 IPs? In other words, their requirement is to establish a tunnel for public IPs, which means that they want to have my PIX as a peer, but route anything going to 172.1.1.0 through the tunnel. Sort of like PIX would first strip down the tunnel and then translate the IP addresses.

Would that work? Or do I have to move the VPN functionality to a device in front of PIX?

Thank you,

Vladimir

1 REPLY
Cisco Employee

Re: PIX NAT and IPsec

You can create a tunnel based on the public IP address of your host, so the PIX accepts the IPsec traffic, decrypts it, and then translates it back to the inside IP address of the host. Make sure, though, that you exclude the PIX outside interface from your crypto ACL if the host on the public side is within the same subnet as the PIX outside interface.

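A configuration sketch of the approach described in the reply, added here as an example and not taken from either poster. It assumes PIX 6.x-style syntax and that the IKE policy, pre-shared key and a transform set are already configured. The names VENDOR_CRYPTO, VENDOR_MAP and VENDOR_TS and the addresses 172.1.1.254, 192.0.2.1 and 198.51.100.0/24 are placeholders; lines starting with `!` are annotations, not commands.

```cisco
! Static translation from the question: public 172.1.1.1 <-> inside 10.1.1.1
static (inside,outside) 172.1.1.1 10.1.1.1 netmask 255.255.255.255

! The crypto ACL is written against the PUBLIC (translated) addresses,
! because the vendor builds the tunnel for 172.1.1.x, not 10.1.1.x.
! Placeholders: 172.1.1.254      = PIX outside interface address
!               198.51.100.0/24  = vendor's protected network
! The deny entry comes first so the PIX's own outside address is
! excluded from the tunnel, as the reply advises.
access-list VENDOR_CRYPTO deny ip host 172.1.1.254 198.51.100.0 255.255.255.0
access-list VENDOR_CRYPTO permit ip 172.1.1.0 255.255.255.0 198.51.100.0 255.255.255.0

! Do not add this traffic to a "nat (inside) 0 access-list" exemption:
! the static translation has to apply so packets carry 172.1.1.x
! when they are matched against the crypto ACL.

! Placeholder: 192.0.2.1 = vendor's VPN peer; VENDOR_TS = existing transform set
crypto map VENDOR_MAP 10 ipsec-isakmp
crypto map VENDOR_MAP 10 match address VENDOR_CRYPTO
crypto map VENDOR_MAP 10 set peer 192.0.2.1
crypto map VENDOR_MAP 10 set transform-set VENDOR_TS
crypto map VENDOR_MAP interface outside
```

The vendor's crypto ACL has to mirror this one (their network to 172.1.1.0/24), otherwise the proposed proxy identities will not match during phase 2 negotiation.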