[c-nsp] pix vpn dmz
Alexandre Durand
alexandre.durand at thecloud.net
Thu May 10 06:20:52 EDT 2007
Hi,
I'd like to establish a VPN from a PIX firewall 515 and pos version
7.0(5) with a public DMZ and NAT translation.
inside: 10.5.10.0/24
outside: 1.1.1.1/27 (public range)
dmz: 2.2.2.2/27 (public range)
remote inside network:192.168.20.0/24
So my encryption domain must be: 2.2.2.3/32 -- 192.168.20.0/24
and I've got a NAT rule which is:
nat (inside,dmz) 2.2.2.3 10.5.10.28 netmask 255.255.255.255
So basically I want to translate the connections coming from 2.2.2.3 to
10.5.10.28.
The VPN is set up correctly and established on both sides, but the NAT rule
doesn't work with the VPN.
Built inbound TCP connection 4619 for outside:192.168.20.82/34237
(192.168.20.82/34237) to dmz:2.2.2.3/22 (2.2.2.3/22)
But I can't see any traffic on the server 10.5.10.28; I should see instead:
Built inbound TCP connection 4619 for outside:192.168.20.82/34237
(192.168.20.82/34237) to dmz:10.5.10.28/22(10.5.10.28/22)
Any help would be great!
Regards,
Alexandre Durand
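
An added example, not part of the original post: a small Python parser for the "Built ... connection" lines quoted in the message, which reports the destination interface and address so that the logged line can be compared against the intended server 10.5.10.28. The class and function names are assumptions of this example; the two sample lines are copied from the post.

```python
import re
from typing import NamedTuple, Optional

# One endpoint as the PIX logs it: interface:address/port (address/port)
_EP = r"(\w+):([\d.]+)/(\d+)\s*\(([\d.]+)/(\d+)\)"
_BUILT = re.compile(
    r"Built (inbound|outbound) (TCP|UDP) connection (\d+) for " + _EP + " to " + _EP
)

class Endpoint(NamedTuple):
    interface: str
    addr: str          # address printed before the parentheses
    port: int
    paren_addr: str    # address printed inside the parentheses
    paren_port: int

    @property
    def translated(self) -> bool:
        # True when the two printed address/port pairs differ
        return (self.addr, self.port) != (self.paren_addr, self.paren_port)

class Built(NamedTuple):
    direction: str
    protocol: str
    conn_id: int
    src: Endpoint
    dst: Endpoint

def parse_built(line: str) -> Optional[Built]:
    """Parse one 'Built' line; wrapped lines are rejoined before matching."""
    m = _BUILT.search(" ".join(line.split()))
    if not m:
        return None
    g = m.groups()
    ep = lambda i: Endpoint(g[i], g[i + 1], int(g[i + 2]), g[i + 3], int(g[i + 4]))
    return Built(g[0], g[1], int(g[2]), ep(3), ep(8))

def reaches_server(line: str, server: str) -> bool:
    """Does the logged destination address equal the intended server?"""
    b = parse_built(line)
    return b is not None and b.dst.addr == server

# Lines copied from the post (first: what was logged, second: what was expected)
OBSERVED = """Built inbound TCP connection 4619 for outside:192.168.20.82/34237
(192.168.20.82/34237) to dmz:2.2.2.3/22 (2.2.2.3/22)"""
EXPECTED = """Built inbound TCP connection 4619 for outside:192.168.20.82/34237
(192.168.20.82/34237) to dmz:10.5.10.28/22(10.5.10.28/22)"""

if __name__ == "__main__":
    for name, line in (("observed", OBSERVED), ("expected", EXPECTED)):
        b = parse_built(line)
        print(name, b.dst.interface, b.dst.addr, reaches_server(line, "10.5.10.28"))
```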