Pix vpn using PAT example

starmantwo
Level 1

Can someone post an example of how I would create a VPN and PAT the traffic to my Internet IP across the VPN? Thanks.

1 Reply

singhsaju
Level 4

Hello,

Do not use NAT 0, but allow the traffic to be PAT'ed and create the crypto ACL with the PAT'ed address as the source.

For example, suppose 172.16.0.0/16 is the remote private network and X.X.X.X is the PIX's outside interface IP. The remote side will have a crypto ACL that is the mirror image of access-list 101.

interface Ethernet0
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
access-list 101 extended permit ip host X.X.X.X 172.16.0.0 255.255.0.0
crypto ipsec transform-set my-set esp-aes-256 esp-sha-hmac
crypto map mymap 20 match address 101
crypto map mymap 20 set peer 172.30.1.1
crypto map mymap 20 set transform-set my-set
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group 172.30.1.1 type ipsec-l2l
tunnel-group 172.30.1.1 ipsec-attributes
 pre-shared-key *

HTH

Saju

Pls rate helpful posts
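A way to check the two points the reply above makes (the local crypto ACL uses the PAT'ed address as source, and the remote crypto ACL is its mirror image), as an added Python example that is not part of singhsaju's post. The function names, the finding labels and the address 203.0.113.10 standing in for X.X.X.X are assumptions made for illustration; only the `access-list ID extended permit ip SRC DST` form used in the post is parsed.

```python
import ipaddress

def _take(tok):
    """Consume one address spec: 'host A', 'any' or 'NET MASK'."""
    if not tok:
        raise ValueError("missing address")
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(line):
    """Parse 'access-list ID extended permit ip SRC DST' into (ID, src, dst)."""
    tok = line.split()
    if tok[:1] != ["access-list"] or tok[2:5] != ["extended", "permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    src, rest = _take(tok[5:])
    dst, rest = _take(rest)
    if rest:
        raise ValueError(f"trailing tokens: {rest}")
    return tok[1], src, dst

def _fmt(net):
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return "any" if net.prefixlen == 0 else f"{net.network_address} {net.netmask}"

def mirror_acl(line):
    """Crypto ACL line the remote peer needs: source and destination swapped."""
    acl_id, src, dst = parse_acl(line)
    return f"access-list {acl_id} extended permit ip {_fmt(dst)} {_fmt(src)}"

def check_pair(local_acl, remote_acl, pat_ip, inside_net):
    """Return findings for a PAT-over-VPN pair; an empty list means consistent."""
    _, l_src, l_dst = parse_acl(local_acl)
    _, r_src, r_dst = parse_acl(remote_acl)
    findings = []
    if l_src != ipaddress.ip_network(pat_ip + "/32"):
        pre_pat = l_src.overlaps(ipaddress.ip_network(inside_net))
        findings.append("local-source-is-pre-PAT-inside" if pre_pat else "local-source-not-PAT-address")
    if (r_src, r_dst) != (l_dst, l_src):
        findings.append("remote-not-mirror")
    return findings

if __name__ == "__main__":
    # Constructed sample: 203.0.113.10 stands in for the page's X.X.X.X.
    local = "access-list 101 extended permit ip host 203.0.113.10 172.16.0.0 255.255.0.0"
    print(mirror_acl(local))
    print(check_pair(local, mirror_acl(local), "203.0.113.10", "192.168.1.0/24"))
```

A local crypto ACL written with the inside network 192.168.1.0/24 as its source is reported as `local-source-is-pre-PAT-inside`, since the crypto ACL has to match the address after translation.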
