We are working on a project which will connect us to our clients for support. We purchased a 515e and have it fully configured to use for VPN. We PAT our address from 10.0.0.0 to 172.30.1.1 and it works fine. We have 5 betas connected to the PIX. They are all using a 3005 concentrator. Next week I have a PIX install so I took our 506e home with me to try and get it figured out. I am really stumped. Here is the config off of the 515e for VPN:
access-list VPN_NAT permit ip 10.0.0.0 255.0.0.0 172.21.100.0 255.255.252.0
access-list Atlantic permit ip host 172.30.1.1 172.21.100.0 255.255.252.0
Now here's where I get stuck: trying to configure the remote side to accept NAT from 172.30.1.1 and take their source address of 192.168.2.0/24 and translate it into 172.21.100.0/24 and then apply firewall rules to it as well. For example, access to only 172.21.100.3 port 23.
Like I said it works great from 3005 to 3005 or from PIX to 3005, but getting it to go from PIX to PIX has me really scratching my head.
I tried the PDM wizard, I tried static (inside,outside) translations, access-lists and even went as far as nat (inside) 1 192.168.2.0 255.255.255.0 Global (outside)1 172.21.100.1-172.21.100.254 255.255.255.0. With no luck.
Has anyone ever done this? I am not looking for a full config, but just a push down the right path.
I was able to bring the tunnel up, but I have 2 issues. One is I can't pass any traffic through the tunnel when it's up, and the other is I can't access the Internet when the tunnel is up. Here is the remote PIX VPN config.
access-list atlantic permit ip 172.21.1.0 255.255.255.0 host 172.30.1.1
access-list VPN_NAT permit ip 192.168.2.0 255.255.255.0 host 172.30.1.1