Hi, I would like to know if it is possible to let a Cisco VPN client on the inside connect to outside VPN servers through a PIX while at the same time connecting this PIX with another PIX in a site-to-site VPN.
I know that ESP doesn't use port numbers, so only one tunnel works through PAT at a time. But if we configure a PAT address that is different from the PIX address on the outside, will we be able to do ESP pass-through and site-to-site VPN?
Re: VPN pass-through and Site-to-site VPN with pix
Unfortunately not, even if you are using different IP addresses for the outside interface and the one used for NAT/PAT addresses.
An alternative: use a dedicated IP address with a static translation for the inside PC, and then you need not enable the "fixup esp-ike" command. This will allow you to both terminate the site-to-site tunnel and use the VPN client to connect from the inside to the outside server.
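A PIX 6.3-style configuration sketch of the static-translation approach from the reply above, added here as an illustration and not posted by anyone in the thread. All addresses are documentation placeholders, the ACL name `acl_out` is hypothetical, and the explicit ESP permit is an assumption about how return ESP traffic must be admitted on this software version.

```cisco
: Constructed example values (placeholders, not from the thread):
:   192.168.1.50   inside PC running the Cisco VPN client
:   203.0.113.10   dedicated public address for that PC (not the
:                  outside interface address, not the PAT address)
:   198.51.100.20  remote VPN server the client connects to

: One-to-one static translation for the VPN client PC, so its ESP
: traffic is plain NAT and never goes through PAT.
static (inside,outside) 203.0.113.10 192.168.1.50 netmask 255.255.255.255 0 0

: Leave the ESP/IKE PAT fixup off. It cannot be on while ISAKMP is
: enabled on an interface, which the site-to-site tunnel requires.
no fixup protocol esp-ike

: Assumption: ESP has no ports for the PIX to match return packets
: against, so inbound ESP from the VPN server to the static address is
: permitted explicitly, limited to that single host pair.
: If an ACL is already bound to the outside interface, add the entry
: to that ACL instead of binding a new one.
access-list acl_out permit esp host 198.51.100.20 host 203.0.113.10
access-group acl_out in interface outside

: The PIX keeps terminating its own site-to-site tunnel on the outside
: interface; the existing crypto map and isakmp policy stay unchanged.
isakmp enable outside
```

After applying, `show xlate` should list the static entry for the inside PC, and `show crypto isakmp sa` should still show the site-to-site peer.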