Re: VPN into PIX 506 behind home network using PAT

btucke · ‎10-18-2001

I have a home network with all devices accessing the Internet via Internet Connection Sharing to a machine with a xDSL modem. I know ICS uses PAT and this will not work with the current VPN client into the PIX; but, will a xDSL router/modem with a built in 8-port switch be the same or will it consider each machine connected directly to the router/modem and allow a VPN connection? If this will not work, are there any suggestions on how to accomplish this?

mmellet · ‎10-25-2001

Only the concentrator supports NAT transparency mode which is what you’ll need for this to work. PIX may support this in the future but not today.

fabios · ‎10-26-2001

There is a way to achieve the result (I am currently using it with a C803). If you ADSL device is capable of terminating VPN, you can configure it to use the external address as VPN endpoint and therefore it would work. A possible solution is to use a c827 with ip/fw plus 3des (or des) software.

Alejandro Cadarso Cerdeirina · ‎10-29-2001

If I have in a central office a VPN 3000 concentrator with Public IP address, and if in my branches I have a PIX behind a router doing PAT which is providing Internet access with negotiated IP address (not capable of terminating VPN and I don't have access to its configuration). Can I configure the PIX for allowing all the computers in the branch office to access my central office throug IPSEC VPN? If yes HOW?