PIX2PIX IPsec with additional internal LAN

jpeter
Level 1

(LAN1)192.168.10.0-->ISA Server-->(DMZ)192.168.254.0-->PIX1

<--Internet-->

PIX2<--(LAN2)192.168.20.0

Has anyone attempted the setup above? It seems pretty straightforward; however, I'm interested in knowing how traffic from the 192.168.10.0 LAN traverses the ISA Server and PIX1 to the destination LAN2 on the other end of a pure 3DES IPsec tunnel.

If I place a DMZ with private addresses between the ISA server and PIX, and create a PIX2PIX IPsec tunnel, what do I have to add to PIX1 so that traffic can flow between LAN1 and LAN2? Will a static route on PIX1 suffice? Are there any additional changes I'll need to make to the ISA Server?

I'd greatly appreciate any input.

2 Replies

edadios
Cisco Employee

Make sure you have a nat 0 access-list for the DMZ. You can use the static to point to 192.168.10.0. And make sure your access-list matches for the crypto.

Regards,

I'm assuming something such as this, to allow LAN1 users access to the Internet and LAN2:

access-list nonat permit ip 192.168.254.0 255.255.255.0 192.168.30.0 255.255.255.0

nat (inside) 0 access-list nonat

nat (inside) 1 192.168.254.0 255.255.255.0 0 0

And then use nonat for the crypto list...
