I have a situation where I need to set up a VPN L2L tunnel. The peer is using Checkpoint NG and I am using a PIX 515 (Code: 6.2(2)).
Now my problem is the following:
The peer (Checkpoint end) needs us to 'hide' our LAN address (our LAN address is on a 10.x.x.x subnet) so that it can communicate with their internal LAN. The Checkpoint side will only allow us to communicate with them if we 'hide' our LAN side IP address.
Now my question is:
How can I set up the VPN tunnel so that when traffic goes out from my LAN to the Checkpoint it gets NAT'ed to an internet routable IP (which I have)?
I hope the above explanation is clear but if you require further information then please let me know.
Any help/advice on this will be very much appreciated. I would really be grateful if someone could post configuration examples.
You need to first NAT the IP on the PIX with an IP address... in fact, PAT it. The config will be something like the one below:
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 188.8.131.52
When configuring IPSEC crypto ACLs, you need to give the source IP as 184.108.40.206 for triggering the interesting traffic. This is possible because NAT happens before encryption. Similarly, on the other end, you need to give the destination IP subnet as 220.127.116.11.
Hope this solves your query. Rate replies if found useful.
I'm sorry but I don't get it! I already have on my PIX:
nat (inside) 1 0 0
global (outside) 1 interface
I already have site-to-site VPN to other customers but this one customer requires that I hide our internal LAN IP when connecting to their network and to use an internet routable address, i.e. I must NAT!
How do I achieve this VPN?
I'm slightly stuck on this so any help would be very much appreciated. If you could post configuration examples then this would help.
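Added example, not part of the thread and not any poster's configuration: a PIX 6.x fragment illustrating the point made in the reply above, that NAT happens before encryption, so the crypto ACL has to name the translated source rather than the 10.x address. All addresses and the names nonat, cp_vpn, outside_map and cp_set are assumptions; the ISAKMP policy, pre-shared key and transform set are assumed to be configured already.

```text
: Lines starting with ":" are annotations. Constructed addresses (assumptions):
:   192.0.2.10     PIX outside interface, used as the PAT address
:   198.51.100.1   Check Point peer gateway
:   172.16.50.0/24 peer's internal LAN
:   10.1.1.0/24    local LAN behind the PIX

: PAT already present in the thread: every inside host leaves as the outside
: interface address.
nat (inside) 1 0 0
global (outside) 1 interface

: NAT exemption list assumed to exist for the other site-to-site tunnels.
: It must not contain an entry for 172.16.50.0/24; if it does, traffic to this
: peer skips translation and leaves with its real 10.x source.
nat (inside) 0 access-list nonat

: Crypto ACL that never matches for this tunnel (shown commented out): it names
: the real source, but the packet is already translated when the crypto map is
: evaluated.
: access-list cp_vpn permit ip 10.1.1.0 255.255.255.0 172.16.50.0 255.255.255.0

: Crypto ACL written against the translated source.
access-list cp_vpn permit ip host 192.0.2.10 172.16.50.0 255.255.255.0

: Crypto map entry for this peer, added to the map already applied to outside.
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address cp_vpn
crypto map outside_map 30 set peer 198.51.100.1
crypto map outside_map 30 set transform-set cp_set
```

The peer's definition of the remote network has to be the mirror image: the single translated host address, not the 10.x subnet. Because the translation is dynamic PAT, sessions can only be opened from the PIX side of the tunnel.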