[c-nsp] PIX and NAT

Kenny Sallee k_sallee at yahoo.com
Tue Oct 26 09:01:57 EDT 2004


Well, the other thing to consider is building a full
mesh VPN then.  So build VPN tunnels from each remote
to the host and each other remote it requires to talk
to.  Configuration nightmare I know...But it would be
less of a mess than trying to do some fancy NAT trick
(that may or may not work).  

Or get IOS VPN capable routers and use DMVPN or GRE
tunneling.

Kenny


--- Vladimir Sulinets <beerer at gmail.com> wrote:

> No, there is only PIX on client side.
> 
> 
> On Sun, 24 Oct 2004 20:56:21 -0700 (PDT), Kenny Sallee
> <k_sallee at yahoo.com> wrote:
> > Do you have routers on both sides of the VPN tunnels?
> > If so, why not just use GRE tunnels?
> > 
> > Kenny
> > 
> > 
> > 
> > --- Vladimir Sulinets <beerer at gmail.com> wrote:
> > 
> > > Hello,
> > >
> > > Is it possible to apply such a scheme on a PIX? On the outside
> > > interface there are a few IPSec-tunneled clients (with a /24
> > > delegated to everyone), and they must communicate with each other.
> > > Under normal circumstances it is impossible, but for this purpose I
> > > want to use a router on the inside interface and want to pass
> > > traffic to it from the PIX by using NAT. What I mean:
> > >
> > > If the destination of traffic received on the outside interface is
> > > 10.1.1.0/24, then rewrite it as 10.100.1.0/24, which is routed to
> > > the router on the inside interface. The same is done for other
> > > networks (10.1.2.0 -> 10.100.2.0, etc). The router returns this
> > > traffic to the inside interface (through PBR, for example) and the
> > > PIX does reverse NAT - 10.100.1.0/24 -> 10.1.1.0/24, which is
> > > handled in the normal way.
> > >
> > > The question: is it possible and, if it is, how can this be done?
> > >
> > > Thank you.
> > >
> > > --
> > > Vladimir
> 
> 
> -- 
> Vladimir
> 



		