PIX query/PAT and VPN

n.oneill · ‎01-05-2004

Is is possible to use a single IP for outbound PAT for internet access, inbound PAT for SMTP and to terminate an IPSec VPN?

I have had problems with a remote access VPN and am investigating whether or not this would cause the problem.

shannong · ‎01-05-2004

Yes. You can functionaly use a single IP on a Pix to provide all of those functions. What kind of IPSec connection? Dynamic or static? Post your crypto/isakmp config.

n.oneill · ‎01-05-2004

Thanks

The VPN will be dynamic. It is to provide remote access.

baileja · ‎01-07-2004

access-list 100 permit tcp any any eq 80

nat (inside) 1 access-list 100

global (outside) 1 interface <-- or single IP

access-list 101 permit tcp any host x.x.x.x eq 25

access-list 101 permit tcp any host x.x.x.x eq ??

nat (inside) 2 access-list 101

global (inside) 2 interface <-- or single IP

Just replace the x.x.x.x's above with your mail server and your VPN termination IP addresses and the ?? with your VPN ports (add more if necessary) I am assuming that your VPN termination is something other than your PIX?

n.oneill · ‎01-07-2004

Thanks for the post but my config works ok - just a reboot was required so I guess I had some entries in the xlate table that needed clearing.

Cheers