New Member

PIX w/VPN and NAT

I'm configuring two PIXes for LAN-to-LAN VPN. I have 3 public addresses. What is the proper way to assign the addresses? I want .1 for the outside interface, .2 for the VPN (no NAT), and .3 for internal users NAT/PAT. Is this OK? Do I need NAT & global statements for VPN? Thanks

1 REPLY
Silver

Re: PIX w/VPN and NAT

LAN-to-LAN tunnels are associated with the PIX's outside IP addresses. You could do what you seek with just one IP address. After you use one IP for the outside interface, you can assign the 2 others to the global pool.

You will have:

nat (inside) 1 0 0 (enable nat for everything)

nat (inside) 0 access-list xxxx (selectively disable nat)

access-list xxxx (specify the subnets for which you will not be using NAT: most likely, the IP range used internally on the other PIX for the LAN-to-LAN tunnel, and the IP range you will assign to VPN users via ip local pool)
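
The three statements from the reply filled in as a PIX 6.x configuration fragment. This is an added example, not part of the original thread; every address, the ACL name `nonat` and the pool name `vpnpool` are constructed for illustration.

```cisco
! Constructed addressing (not from the thread):
!   public block      192.0.2.0/29
!   local inside LAN  10.1.1.0/24
!   LAN behind peer   10.2.2.0/24
!   VPN user pool     10.3.3.0/24

! .1 is the outside interface; the LAN-to-LAN tunnel terminates on this
! address, so no separate public address is set aside for the VPN.
ip address outside 192.0.2.1 255.255.255.248
ip address inside 10.1.1.1 255.255.255.0

! Addresses handed to VPN users (hypothetical pool name)
ip local pool vpnpool 10.3.3.1-10.3.3.254

! "access-list xxxx": traffic that must NOT be translated.
! Keep it to the exact tunnel subnets; a broad permit here would let
! inside hosts bypass translation for traffic that was never meant
! for the tunnel.
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0

! "nat (inside) 0 access-list xxxx": selectively disable NAT
nat (inside) 0 access-list nonat

! "nat (inside) 1 0 0": translate everything else from the inside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

! Global for NAT ID 1. A single address here is used for PAT;
! 192.0.2.2 remains available to add to the same global ID.
global (outside) 1 192.0.2.3
```

After loading, `show nat` and `show global` list the statements in effect, and `show xlate` should show no translation entries for traffic between 10.1.1.0/24 and the two exempted ranges.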
