I need to set up a LAN-to-LAN tunnel between my PIX 515E 6.3(4) and an unknown remote Cisco device. The network admin at our parent company in France will be setting up their end, which is the unknown device.
Currently the PIX performs NAT from our private internal addresses to our public external address.
For this IPSec tunnel, I need our PIX to NAT one private /24 subnet to another private /24 subnet before IPSec.
I have an internal subnet, 192.168.0.x. When traffic needs to go to France (10.40.1.x) via an IPSec tunnel, I want our PIX to NAT 192.168.0.x to 10.40.2.x prior to sending it through IPSec.
A) Is this possible?
B) What would my IPSec ACL look like for interesting traffic? Would it be 10.40.2.x 10.40.1.x?
We are trying to work around an overlapping subnet issue. The France side already has an IPSec tunnel to a location that overlaps with us.
I thought I read somewhere that IPSec happens before NAT, which would indicate the ACL would need to be 192.168.0.x to 10.40.1.x. This might be an issue on the France side if they already have an ACL to 192.168.0.x.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: