[c-nsp] PIX and NAT
Kenny Sallee
k_sallee at yahoo.com
Sun Oct 24 23:56:21 EDT 2004
Do you have routers on both sides of the VPN tunnels?
If so, why not just use GRE tunnels?
Kenny
--- Vladimir Sulinets <beerer at gmail.com> wrote:
> Hello,
>
> is it possible to apply on PIX such scheme? - on the
> outside interface
> there are few IPSec-tunneled clients (with /24
> delegated to everyone),
> and they must communicate with each other. Under
> normal circumstances
> it is impossible, but for this purpose I want to use
> router on inside
> interface and want pass it traffic from PIX by using
> NAT. What I mean:
>
> if destination of traffic, received on outside
> interface, is
> 10.1.1.0/24, then rewrite it as 10.100.1.0/24, which
> is routed to
> router on inside interface. The same is done for
> another networks
> (10.1.2.0 -> 10.100.2.0, etc). Router returns this
> traffic to inside
> interface (through PBR, for example) and PIX do
> reverse NAT -
> 10.100.1.0/24 -> 10.1.1.0/24, which is handled under
> normal way.
>
> The question - is it possible and, if it, how this
> can be done?
>
> Thank you.
>
> --
> Vladimir
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
More information about the cisco-nsp
mailing list