02-13-2004 09:06 AM
PIX Firewall
Need to create a new site-to-site VPN where the new remote site has the same internal network IP addressing scheme as an existing VPN already set up on the PIX.
Possible workaround...
Define unique traffic down to the host level for each location.
Thanks in advance for any ideas!
02-13-2004 11:53 AM
This is a common problem.
Use the 'Alias' command or destination NAT:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml
There are many documents about it on this site.
02-16-2004 04:29 PM
I doubt that the workaround is not possible, even if you restrict the traffic down to host level. For example, 192.168.1.4 (local) tries to communicate with 192.168.1.5 (remote); however, the local host would consider that it is on the same subnet and wouldn't pass traffic to the PIX.
One possible solution is to organise an extra NAT service from your ISP. It should work, as we had exactly the same issue before and it is now solved.
Hope this helps.
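An added example, not part of the original thread: a small Python audit that flags the two conflicts discussed above (a remote network that duplicates another tunnel's remote network, and a remote network that the local hosts treat as on-link) and proposes a unique translated block for each conflicting peer, which is the address range a destination-NAT rule would present. The site names, the local network `10.1.1.0/24`, and the pool `172.31.0.0/16` are constructed assumptions; only `192.168.1.4` and `192.168.1.5` come from the thread.

```python
import ipaddress

def on_link(src_ip, prefixlen, dst_ip):
    """True if the source host sees dst as same-subnet: it ARPs for it
    directly and never hands the packet to its gateway (the firewall)."""
    net = ipaddress.ip_interface(f"{src_ip}/{prefixlen}").network
    return ipaddress.ip_address(dst_ip) in net

def audit_tunnels(local_net, tunnels):
    """tunnels maps peer name -> remote CIDR, oldest tunnel first.
    Returns (kind, peer, other) tuples for every addressing conflict."""
    local = ipaddress.ip_network(local_net)
    names = list(tunnels)
    findings = []
    for i, name in enumerate(names):
        remote = ipaddress.ip_network(tunnels[name])
        if remote.overlaps(local):
            findings.append(("overlaps-local", name, local_net))
        for other in names[i + 1:]:
            if remote.overlaps(ipaddress.ip_network(tunnels[other])):
                findings.append(("overlaps-peer", name, other))
    return findings

def assign_translated(local_net, tunnels, findings, pool):
    """Pick, for each conflicting peer, a same-size block from pool that
    collides with nothing in use. For peer-vs-peer conflicts the newer
    tunnel (listed later) is the one translated."""
    used = [ipaddress.ip_network(local_net)]
    used += [ipaddress.ip_network(c) for c in tunnels.values()]
    plan = {}
    for kind, name, other in findings:
        peer = name if kind == "overlaps-local" else other
        if peer in plan:
            continue
        size = ipaddress.ip_network(tunnels[peer]).prefixlen
        block = next(s for s in ipaddress.ip_network(pool).subnets(new_prefix=size)
                     if not any(s.overlaps(u) for u in used))
        used.append(block)
        plan[peer] = str(block)
    return plan

if __name__ == "__main__":
    # Constructed sample: existing site-a and new site-b share one subnet.
    tunnels = {"site-a": "192.168.1.0/24", "site-b": "192.168.1.0/24"}
    found = audit_tunnels("10.1.1.0/24", tunnels)
    print(found)
    print(assign_translated("10.1.1.0/24", tunnels, found, "172.31.0.0/16"))
    print(on_link("192.168.1.4", 24, "192.168.1.5"))
```
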