Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX query/PAT and VPN

Is is possible to use a single IP for outbound PAT for internet access, inbound PAT for SMTP and to terminate an IPSec VPN?

I have had problems with a remote access VPN and am investigating whether or not this would cause the problem.

4 REPLIES
Silver

Re: PIX query/PAT and VPN

Yes. You can functionaly use a single IP on a Pix to provide all of those functions. What kind of IPSec connection? Dynamic or static? Post your crypto/isakmp config.

New Member

Re: PIX query/PAT and VPN

Thanks

The VPN will be dynamic. It is to provide remote access.

New Member

Re: PIX query/PAT and VPN

access-list 100 permit tcp any any eq 80

nat (inside) 1 access-list 100

global (outside) 1 interface <-- or single IP

access-list 101 permit tcp any host x.x.x.x eq 25

access-list 101 permit tcp any host x.x.x.x eq ??

nat (inside) 2 access-list 101

global (inside) 2 interface <-- or single IP

Just replace the x.x.x.x's above with your mail server and your VPN termination IP addresses and the ?? with your VPN ports (add more if necessary) I am assuming that your VPN termination is something other than your PIX?

New Member

Re: PIX query/PAT and VPN

Thanks for the post but my config works ok - just a reboot was required so I guess I had some entries in the xlate table that needed clearing.

Cheers

84
Views
5
Helpful
4
Replies