[c-nsp] PIX and NAT

Vladimir Sulinets beerer at gmail.com
Mon Oct 25 02:33:39 EDT 2004


No, there is only a PIX on the client side.


On Sun, 24 Oct 2004 20:56:21 -0700 (PDT), Kenny Sallee
<k_sallee at yahoo.com> wrote:
> Do you have routers on both sides of the VPN tunnels?
> If so, why not just use GRE tunnels?
> 
> Kenny
> 
> 
> 
> --- Vladimir Sulinets <beerer at gmail.com> wrote:
> 
> > Hello,
> >
> > Is it possible to apply the following scheme on a PIX? On the outside
> > interface there are a few IPSec-tunneled clients (with a /24 delegated
> > to each), and they must communicate with each other. Under normal
> > circumstances this is impossible, but for this purpose I want to use a
> > router on the inside interface and pass traffic to it from the PIX by
> > using NAT. What I mean:
> >
> > if the destination of traffic received on the outside interface is
> > 10.1.1.0/24, then rewrite it as 10.100.1.0/24, which is routed to the
> > router on the inside interface. The same is done for the other networks
> > (10.1.2.0 -> 10.100.2.0, etc). The router returns this traffic to the
> > inside interface (through PBR, for example) and the PIX does reverse
> > NAT, 10.100.1.0/24 -> 10.1.1.0/24, which is handled in the normal way.
> >
> > The question: is it possible and, if it is, how can this be done?
> >
> > Thank you.
> >
> > --
> > Vladimir


-- 
Vladimir

