We have a PIX 525 FW is IOS Ver. 6.3. We are using a 172.x.x.x network in our LAN. We need to establish a VPN tunnel from our firewall to one of our clients firewall. Our client is ready to allow access to his network only if our private ip address are natted to a public ip range. I would like to know how to configure the NAT and IPSec in this kind of scenario. We have done similar configurations using Checkpoint and it works well there. I tried a couple of configurations for NATting as follows over the IPSec tunnel.
access-list acl_outbound permit ip 172.16.1.0 255.255.255.0 10.100.25.0 255.255.255.0
nat (inside) 1 access-list acl_outbound
global (outside) 1 220.127.116.11
In the above configuration 172.16.x.x is my local network and 10.100.x.x is my clients network. When the access-list matches i am natting it to the public ip range. I am specifying the public ip range in my VPN interesting traffic. After i issue this command and save the configurations and when i try to open the PDM i get a message saying "Policy Based NAT is not supported" and the PDM doesnt allow me to do any changes through PDM.
Can somebody let me know how to configure a PIX in this kind of scenario.
I think your client is being a bit pedantic, I take it you really want to do a LAN to LAN vpn, which is normal, if he is worried he can control your access by ACLs etc at his end, The VPN endpoints will be the public addresses of your firewalls through which the VPN tunnels flow, Its a bit difficult to see what your client really wants
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :