Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN 3005

Hi.

I have 2 VPN 2005. I need to put the concentrators an a DMZ lan protected by a checkpoint firewall that do nat.

I issigned ip address foreach vpn device on private lan, and none for public. Because checkpoint do nat for vpn concentrators, i cannot use public interface, it's useless.

I would like to know if it's possible to use only one interface to create lan-to-lan network between us and our customers (ipsec + nat) or i need to setup public interface, give to it a different network than dmz, and let checkpoint do 1:1 nat with this public interface.

I need advices. Thx.

1 REPLY
Silver

Re: VPN 3005

I think it is possible to do NAT and IPSec on same interface. I will prefer doing it on same interface rather than doing IPsec on concentrator and NAT on checkpoint.

102
Views
0
Helpful
1
Replies
CreatePlease to create content