I have a PIX 515 with 3 interfaces in it that connects to an outside router with 2 ethernet interfaces. On the other interface is a Ravlin 10 VPN device. It has a local interface with an IP in the same segment that the PIX local interface is. Our remote users cannot route through the tunnels since our workstations are sending packets to the PIX that have to come back out the same interface and go to the VPN device.
Is there a way to get the PIX to route these packets back out the same interface to the VPN device?
As it can be an issue letting firewalls bounce or redirect packets off their interfaces, we do not allow this on the PIX Firewall, to make sure it is secure and efficient at what it does best: firewalling. So you might want to rethink your network topology to incorporate that, or just terminate the VPN tunnels on the PIX Firewall itself.
We have a router on the inside that we are pointing all the internal workstations and servers. Additionally we are pointing all traffic from the tunnels to this router. Our problem is that it appears that some of the traffic coming out of the tunnels now dies there and never gets to the PIX. Could this be a configuration problem on the PIX? Thanks for the feedback. I need to get more experience with the PIX...
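The forwarding behaviour discussed in this thread, modelled as an added example that is not part of any post above: a workstation packet is traced through either the PIX or an inside router as its gateway, and a device that refuses same-interface redirects drops it. The addresses, the device names and the `same_if_redirect` flag are constructed for illustration, not taken from the posters' configurations.

```python
import ipaddress

# Constructed topology for illustration; addresses and device names are assumptions.
REMOTE = "10.20.0.0/16"   # networks reached through the VPN tunnels
# Each route: (prefix, next hop, egress interface). All three devices sit on the
# same inside segment, so packets from workstations arrive on "inside".
DEVICES = {
    "pix":    {"same_if_redirect": False,
               "routes": [("0.0.0.0/0", "internet", "outside"),
                          (REMOTE, "ravlin", "inside")]},
    "router": {"same_if_redirect": True,
               "routes": [("0.0.0.0/0", "pix", "inside"),
                          (REMOTE, "ravlin", "inside")]},
    "ravlin": {"same_if_redirect": True,
               "routes": [(REMOTE, "tunnel", "wan")]},
}

def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, egress) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop, eg) for p, hop, eg in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, hop, egress = max(hits, key=lambda h: h[0].prefixlen)
    return hop, egress

def trace(dst, gateway, devices=DEVICES, max_hops=8):
    """Follow a workstation packet sent to `gateway`; return (path, verdict)."""
    path, node, ingress = [], gateway, "inside"
    for _ in range(max_hops):
        path.append(node)
        route = lookup(devices[node]["routes"], dst)
        if route is None:
            return path, "no route"
        next_hop, egress = route
        if egress == ingress and not devices[node]["same_if_redirect"]:
            return path, "dropped: would leave on the arrival interface"
        if next_hop not in devices:
            return path, "forwarded to " + next_hop
        node, ingress = next_hop, "inside"
    return path, "loop"

if __name__ == "__main__":
    for gw in ("pix", "router"):
        for dst in ("10.20.5.9", "198.51.100.7"):
            print(gw, dst, *trace(dst, gw))
```

The model covers only the workstation-to-tunnel direction; traffic arriving from the tunnels needs the same per-hop check in reverse.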