01-05-2004 02:21 AM - edited 02-21-2020 12:59 PM
Is it possible to use a single IP for outbound PAT for internet access, inbound PAT for SMTP and to terminate an IPSec VPN?
I have had problems with a remote access VPN and am investigating whether or not this would cause the problem.
01-05-2004 06:10 AM
Yes. You can functionally use a single IP on a Pix to provide all of those functions. What kind of IPSec connection? Dynamic or static? Post your crypto/isakmp config.
01-05-2004 07:10 AM
Thanks
The VPN will be dynamic. It is to provide remote access.
01-07-2004 07:02 AM
access-list 100 permit tcp any any eq 80
nat (inside) 1 access-list 100
global (outside) 1 interface <-- or single IP
access-list 101 permit tcp any host x.x.x.x eq 25
access-list 101 permit tcp any host x.x.x.x eq ??
nat (inside) 2 access-list 101
global (inside) 2 interface <-- or single IP
Just replace the x.x.x.x's above with your mail server and your VPN termination IP addresses, and the ?? with your VPN ports (add more if necessary). I am assuming that your VPN termination is something other than your PIX?
01-07-2004 07:38 AM
Thanks for the post but my config works ok - just a reboot was required so I guess I had some entries in the xlate table that needed clearing.
Cheers