I currently have a PIX 515E running 7.2 code. I have a remote access IPsec VPN tunnel set up. I have an inside interface with 192.168.1.1 255.255.255.0 with a few internal servers etc. The remote access VPN clients get an IP from a pool of 10.180.180.1-10.180.180.5. They can communicate with anything on the 192.168.1.x network fine; that part is simple. The problem I am looking for an answer to is how to route beyond the PIX. So say that all the 192.168.1.x clients in the local office NAT to a public IP of 220.127.116.11, which gives them access to the internet and to some other devices within our local AS that only allow that IP by a telnet/SSH ACL. Is it possible to have the remote access VPN clients NAT to that public IP somehow over the VPN tunnel to give them access to the equipment beyond the firewall?
I do not think you will be able to NAT the pool IP to the public IP address if you are terminating VPN clients on the same outside interface where you have configured IP 18.104.22.168 as described above. If you have enabled "same-security-traffic permit intra-interface", the VPN client traffic will be redirected to the internet with source IP 10.180.180.1-5 and not 22.214.171.124.
The only solution I can think of is that you can do VPN and then telnet to a router/host in the 192.168.1.x subnet and from there initiate telnet/SSH to other hosts in your network.