I am using the PIX to act as a VPN headend device for approx. 60 sites (10 connected at present). For all of the sites connected so far I have been NATing the incoming source IP addresses, i.e.:
nat (outside) 1 172.16.1.0 255.255.255.0 outside
nat (outside) 2 172.16.2.0 255.255.255.0 outside
The corresponding global statements have been added:
global (inside) 1 10.157.1.10
global (inside) 2 10.157.2.10
There is a static command for the server they are accessing and the VPN connections for these sites work fine.
However, I just tried to connect a site that did the NAT at their end, and although the VPN tunnel came up, no traffic was leaving the internal interface of the PIX destined for the server for that connection. I then added a NAT & global statement for this connection
Well, yes and no. The PIX is acting as a headend device and the traffic is coming to the external interface.
For example, if I was configuring a site-to-site VPN normally, at the headend I would need a sysopt connection permit-ipsec command, an access-list for the crypto map entry and a static command(s) for the servers the VPN is giving access to. I would not need a nat statement for the source IP addresses as such, just a static mapping for the servers.
Normally you use the nat commands for inside to outside access. This is not what we are dealing with here.
Perhaps because I have explicitly used nat outside statements I need to be explicit also when I don't want to use NAT. I'll test it.