Firewalls route packets unless you have some sort of firewalling bridge or
proxy server.

I'm not even going to get into "eGaps".

Wish I could help you with PIX.

--- Allen May <[EMAIL PROTECTED]> wrote:
> OK maybe this is a terminology misunderstanding on my part, but I have about
> 15 route statements in my PIX and use a pix->pix vpn using IPSec.
> route <interface-name> <ip_address> <netmask> <gateway> <metric>
> 
> One of the VPNs set up here had something a little weird where we had to set
> up statics for VPN to work but that's something I'll be working on solving
> at a later time.  Just for grins try setting up a static statement for one
> of the workstations trying to get through and see if it stops using NAT.
> 
> You'll find the IPSec user guide on the Cisco website very useful for more
> info on this.
> 
> Allen
> ----- Original Message -----
> From: "Groupstudy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, February 16, 2001 2:38 AM
> Subject: Re: PIX and NAT with VPN
> 
> 
> > The PIX does not route. Period.
> >
> > ----- Original Message -----
> > From: Kenneth <[EMAIL PROTECTED]>
> > Newsgroups: groupstudy.cisco
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, February 15, 2001 6:35 PM
> > Subject: Re: PIX and NAT with VPN
> >
> >
> > > I'm totally foreign to PIX but I'm just wondering, maybe it's possible to
> > > use policy-based routing on PIX?
> > >
> > > "Rick Holden" <[EMAIL PROTECTED]> wrote in message
> > > news:002001c097b6$60c466a0$[EMAIL PROTECTED]...
> > > > I have a PIX firewall that is being used for a VPN as well. The problem is
> > > > all the inside addresses are being translated to public addresses even when
> > > > the traffic is destined for the VPN tunnel. I tried the following commands
> > > > but this seems to block all translations.
> > > > (real IPs have been replaced for security)
> > > >
> > > > access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> > > > nat (inside) 0 access-list nonat
> > > > global (outside) 1 172.16.10.1 net 255.255.255.255
> > > >
> > > > I also tried using DENY in the access list
> > > > access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
> > > > This didn't work either.
> > > >
> > > > How can I get the traffic destined for the Internet to be translated and
> > > > the traffic destined for the VPN not be translated?
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > > >

