10-13-2002 08:32 AM - edited 02-21-2020 12:06 PM
(LAN1)192.168.10.0-->ISA Server-->(DMZ)192.168.254.0-->PIX1<--Internet-->PIX2<--(LAN2)192.168.20.0
Has anyone attempted the setup above? It seems pretty straightforward; however, I'm interested in knowing how traffic from the 192.168.10.0 LAN traverses the ISA Server and PIX1 to the destination LAN2 on the other end of a pure 3DES IPSec tunnel.
If I place a DMZ with private addresses between the ISA server and PIX, and create a PIX2PIX IPsec tunnel, what do I have to add to the PIX1 so that traffic passes between LAN1 and LAN2? Will a static route on PIX1 suffice? Are there any additional changes I'll need to make to the ISA Server?
I'd greatly appreciate any input.
10-13-2002 04:05 PM
Make sure you have nat 0 access-list for the DMZ. You can use the static to point to 192.168.10.0. And make sure your access-list matches for the crypto.
Regards,
10-13-2002 05:37 PM
I'm assuming such as this, to allow LAN1 users access to the internet and LAN2:
access-list nonat permit ip 192.168.254.0 255.255.255.0 192.168.30.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.254.0 255.255.255.0 0 0
And then use nonat for the crypto list...
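One way to check the advice in this thread, that the NAT-exemption access-list and the crypto access-list select the same traffic, before applying a config to PIX1. This is an added example, not part of any post; it handles only the `permit ip` network/mask form, and the `crypto map vpnmap 10 match address` line in the sample is an assumed binding, as is the question of whether the ISA server NATs LAN1 behind its DMZ address.

```python
import ipaddress
import re

# Constructed config: the nonat lines as posted in the thread, plus an assumed
# crypto map binding ("vpnmap" and sequence 10 are placeholders).
SAMPLE = """\
access-list nonat permit ip 192.168.254.0 255.255.255.0 192.168.30.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.254.0 255.255.255.0 0 0
crypto map vpnmap 10 match address nonat
"""

# Only the "permit ip <net> <mask> <net> <mask>" ACL form is handled here.
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")
CRYPTO_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")

def parse(config):
    """Collect ACL entries and the ACL names bound to nat 0 and to crypto maps."""
    acls, nat0, crypto = {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append((
                ipaddress.ip_network(f"{src}/{smask}"),
                ipaddress.ip_network(f"{dst}/{dmask}")))
        elif m := NAT0_RE.match(line):
            nat0.add(m.group(1))
        elif m := CRYPTO_RE.match(line):
            crypto.add(m.group(1))
    return acls, nat0, crypto

def check_flow(config, src, dst):
    """Return (nat_exempt, ipsec_selected) for traffic from src to dst."""
    acls, nat0, crypto = parse(config)
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    def hit(names):
        return any(s.subnet_of(a) and d.subnet_of(b)
                   for n in names for a, b in acls.get(n, []))
    return hit(nat0), hit(crypto)

if __name__ == "__main__":
    # Source as PIX1 sees it: DMZ if the ISA server NATs, LAN1 if it routes.
    for src in ("192.168.254.0/24", "192.168.10.0/24"):
        for dst in ("192.168.20.0/24", "192.168.30.0/24"):
            print(src, "->", dst, check_flow(SAMPLE, src, dst))
```

Run against the lines as posted, only the 192.168.254.0 to 192.168.30.0 pair is both exempt from NAT and selected for IPsec; the 192.168.20.0 network shown as LAN2 in the diagram is not covered by either.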