New Member

PIX2PIX IPsec with additional internal LAN

(LAN1)192.168.10.0-->ISA Server-->(DMZ)192.168.254.0-->PIX1

<--Internet-->

PIX2<--(LAN2)192.168.20.0

Has anyone attempted the setup above? It seems pretty straightforward; however, I'm interested in knowing how traffic from the 192.168.10.0 LAN traverses the ISA Server and PIX1 to the destination LAN2 on the other end of a pure 3DES IPsec tunnel.

If I place a DMZ with private addresses between the ISA server and PIX, and create a PIX2PIX IPsec tunnel, what do I have to add to the PIX1 so that traffic between LAN1 and LAN2. Will a static route on PIX1 suffice? Are there any additional changes I'll need to make to the ISA Server?

I'd greatly appreciate any input.

2 REPLIES
Cisco Employee

Re: PIX2PIX IPsec with additional internal LAN

make sure you have nat ) access-list for the dmz. You can use the static to point to 192.168.10.0. And make sure your access-list matches for the crypto.

Regards,

New Member

Re: PIX2PIX IPsec with additional internal LAN

I'm assuming something like this, to allow LAN1 users access to the Internet and LAN2:

access-list nonat permit ip 192.168.254.0 255.255.255.0 192.168.30.0 255.255.255.0

nat (inside) 0 access-list nonat

nat (inside) 1 192.168.254.0 255.255.255.0 0 0

And then use nonat for the crypto list...
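A PIX1 configuration sketch (PIX 6.x syntax) for the topology in the question, added here as an illustration rather than taken from either reply. The interface names, the outside addresses 203.0.113.1 and 198.51.100.1, and the ISA's DMZ-side address 192.168.254.1 are assumptions; the point it shows is that both the nat 0 list and the crypto list must cover LAN1 as well as the DMZ, and that PIX1 needs a route for LAN1 via the ISA.

```cisco
! Assumed addressing (not from the thread): ISA DMZ interface 192.168.254.1,
! PIX1 outside 203.0.113.1, PIX2 outside peer 198.51.100.1.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.1 255.255.255.0
ip address inside 192.168.254.2 255.255.255.0
! Route LAN1 (behind the ISA) to the ISA's DMZ address so that return traffic
! arriving from the tunnel is forwarded to LAN1 rather than the default route.
route inside 192.168.10.0 255.255.255.0 192.168.254.1 1
route outside 0.0.0.0 0.0.0.0 203.0.113.254 1
! Traffic bound for LAN2 must NOT be translated. Cover both the DMZ and LAN1;
! if LAN1 is missing here its hosts are PATed to the outside address and
! never match the crypto access-list, so they go out in the clear instead.
access-list nonat permit ip 192.168.254.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat
! Everything else from the DMZ and LAN1 is PATed to the outside address.
nat (inside) 1 192.168.254.0 255.255.255.0 0 0
nat (inside) 1 192.168.10.0 255.255.255.0 0 0
global (outside) 1 interface
! Crypto access-list: the same two flows. PIX2's crypto list must be the
! exact mirror image (192.168.20.0 -> 192.168.254.0 and -> 192.168.10.0),
! otherwise one direction of the SA negotiation fails on proxy-ID mismatch.
access-list tolan2 permit ip 192.168.254.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list tolan2 permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
sysopt connection permit-ipsec
! 3DES as asked in the question; prefer AES where the platform offers it.
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map pix2pix 10 ipsec-isakmp
crypto map pix2pix 10 match address tolan2
crypto map pix2pix 10 set peer 198.51.100.1
crypto map pix2pix 10 set transform-set strong
crypto map pix2pix interface outside
isakmp enable outside
isakmp key PRESHARED-KEY-PLACEHOLDER address 198.51.100.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
! ISA side (assumption, not addressed in the replies): it needs a route for
! 192.168.20.0/24 via 192.168.254.2 and must not NAT LAN1 toward the DMZ,
! or PIX1 will only ever see 192.168.254.x sources and the LAN1 entries
! above never match.
```

Verify the split with "show crypto ipsec sa" on PIX1: LAN1-to-LAN2 traffic should increment the encrypt counters of the 192.168.10.0 SA, while a matching xlate in "show xlate" for a LAN1 host talking to LAN2 means the nat 0 list is not catching it.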
