Cisco Support Community

New Member

PIX2PIX IPsec with additional internal LAN

(LAN1)>ISA Server-->(DMZ)>PIX1



Has anyone attempted the setup above? It seems pretty straightforward; however, I'm interested in knowing how traffic from the LAN traverses the ISA Server and PIX1 to the destination LAN2 on the other end of a pure 3DES IPSec tunnel.

If I place a DMZ with private addresses between the ISA server and PIX, and create a PIX2PIX IPsec tunnel, what do I have to add to PIX1 so that traffic passes between LAN1 and LAN2? Will a static route on PIX1 suffice? Are there any additional changes I'll need to make to the ISA Server?

I'd greatly appreciate any input.

Cisco Employee

Re: PIX2PIX IPsec with additional internal LAN

Make sure you have nat ) access-list for the DMZ. You can use the static to point to And make sure your access-list matches for the crypto.


New Member

Re: PIX2PIX IPsec with additional internal LAN

I'm assuming such as this, to allow LAN1 users access to the internet and LAN2

access-list nonat permit ip

nat (inside) 0 access-list nonat

nat (inside) 1 0 0

And then use nonat for the crypto list...
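
The PIX1 side of the setup discussed in this thread, written out as an added example (not configuration posted by any participant). All addresses, the names `crypto_lan2`, `TOPIX2` and `TS3DES`, and the key placeholder are constructed; PIX 6.x command syntax is assumed, as is an ISA Server that routes LAN1 traffic into the DMZ without translating it (if ISA translates, the access-lists must match the DMZ address it translates to instead).

```cisco
: Constructed addressing (assumptions, not from the thread):
:   LAN1 192.168.1.0/24 behind ISA, ISA DMZ-side address 172.16.1.2
:   DMZ  172.16.1.0/24 on the PIX1 inside interface
:   LAN2 192.168.2.0/24 behind PIX2, PIX2 outside address 203.0.113.2

: PIX1 has no interface in LAN1, so it needs a route back through ISA
route inside 192.168.1.0 255.255.255.0 172.16.1.2 1

: Exempt LAN1 -> LAN2 from NAT so it enters the tunnel with its real source
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat

: Everything else from the inside is PAT'd to the outside interface address
nat (inside) 1 0 0
global (outside) 1 interface

: Traffic to encrypt: same entry as nonat, kept as its own list here so that
: later edits to the NAT exemption do not change what the tunnel protects.
: PIX2 needs the mirror image (LAN2 -> LAN1) in both of its lists.
access-list crypto_lan2 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

: Lets decrypted tunnel traffic bypass the interface access-lists;
: leave it out and permit LAN2 explicitly if the tunnel should be filtered
sysopt connection permit-ipsec

: Phase 2: 3DES, as in the original question
crypto ipsec transform-set TS3DES esp-3des esp-sha-hmac
crypto map TOPIX2 10 ipsec-isakmp
crypto map TOPIX2 10 match address crypto_lan2
crypto map TOPIX2 10 set peer 203.0.113.2
crypto map TOPIX2 10 set transform-set TS3DES
crypto map TOPIX2 interface outside

: Phase 1: pre-shared key restricted to the single peer address
isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 203.0.113.2 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

After the tunnel is up, `show crypto ipsec sa` on PIX1 should list 192.168.1.0/24 and 192.168.2.0/24 as the local and remote identities; packet counters that stay at zero usually mean the NAT exemption or the crypto access-list does not match the source address PIX1 actually sees.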
