Cisco Support Community
New Member

Regarding Static command

Hi,

If we are configuring a site-to-site VPN tunnel between two PIXes (pix-pix), pix-to-router, or pix-VPN Concentrator 3000, and say we are configuring an ACL for interesting traffic on a PIX 515, do we need to configure a static even though the VPN tunnel is configured?

For example:

access-list VPN permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

Here the local network is 10.1.1.0 and the remote network is 10.2.2.0.

VPN config, for example:

crypto map VPN 10 match address VPN

static (inside,outside) 10.1.1.5 10.1.1.5 netmask 255.255.255.0

My question is: is the static necessary here even though the traffic is encrypted between the two sites?

thanks

gopi

2 REPLIES
New Member

Re: Regarding Static command

Hi Gopi,

No, you won't need a static. The ACL will catch the 'interesting' traffic and pass this to the crypto map.

HTH-

regards,

Gary

New Member

Re: Regarding Static command

I'm assuming that both PIX firewalls have some form of NAT configured for Internet access. You must have a NAT 0 statement to ensure that the traffic is not NAT'd and is sent over the VPN tunnel.

access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

nat (inside) 0 access-list nonat

NOTES: 10.1.1.0 is local and 10.2.2.0 is remote.

You would have to do this on both sides of the VPN tunnel for PIXes.

Hope this helps...

Double A-Ron
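
An added example, not part of the original posts: a small Python check that reads a PIX configuration and reports any traffic permitted by a crypto map ACL that no `nat 0` ACL exempts, which is the gap the last reply describes. The sample configuration is constructed (the 10.3.3.0 network is hypothetical), and only `permit ip <net> <mask> <net> <mask>` entries are parsed.

```python
import re
from ipaddress import ip_network

# Constructed sample config: the thread's 10.1.1.0 -> 10.2.2.0 tunnel plus a
# hypothetical second remote network (10.3.3.0) that has no NAT exemption.
SAMPLE_CONFIG = """\
access-list VPN permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list VPN permit ip 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
crypto map VPN 10 match address VPN
"""

ACL_RE = re.compile(
    r"access-list (\S+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)$")
NAT0_RE = re.compile(r"nat \(\S+\) 0 access-list (\S+)$")
CRYPTO_RE = re.compile(r"crypto map \S+ \d+ match address (\S+)$")


def unexempted_vpn_flows(config):
    """Return (source, destination) pairs that a crypto ACL permits but no
    'nat 0' ACL covers, so the traffic would be NAT'd instead of tunnelled."""
    acls, nat0_names, crypto_names = {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, src, smask, dst, dmask = m.groups()
            entry = (ip_network(f"{src}/{smask}", strict=False),
                     ip_network(f"{dst}/{dmask}", strict=False))
            acls.setdefault(name, []).append(entry)
        elif m := NAT0_RE.match(line):
            nat0_names.add(m.group(1))
        elif m := CRYPTO_RE.match(line):
            crypto_names.add(m.group(1))

    # Every entry of every ACL referenced by a 'nat 0' statement is exempt.
    exempt = [e for n in sorted(nat0_names) for e in acls.get(n, [])]
    missing = []
    for name in sorted(crypto_names):
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
                missing.append((str(src), str(dst)))
    return missing


if __name__ == "__main__":
    for src, dst in unexempted_vpn_flows(SAMPLE_CONFIG):
        print(f"no nat 0 exemption for VPN traffic {src} -> {dst}")
```

Run it against the configuration of each peer, since the exemption has to exist on both sides with source and destination swapped.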
