With PIX you must have one legal address for the outside interface on BOTH PIXs. That's actually enough to do what you want to do.

Say that your legal address on PIX1 is 206.112.71.5/30. Go to PIX2 startup ipsec and input "isakmp key 'your key' address 206.112.71.5". Then input "crypto map 'your map-name' 'your sequence number' set peer 206.112.71.5".

Say that your legal address on PIX2 is 206.112.71.6/30. Go to PIX1 startup ipsec and input "isakmp key 'your key' address 206.112.71.6". Then input "crypto map 'your map-name' 'your sequence number' set peer 206.112.71.6".

Now on PIX1 input "nat (inside) 1 0.0.0.0 0.0.0.0 0 0". Then input "global (outside) 1 206.112.71.5".

Now on PIX2 input "nat (inside) 1 0.0.0.0 0.0.0.0 0 0". Then input "global (outside) 1 206.112.71.6".

Now just complete your isakmp and crypto-map settings and you will be doing one single VPN between peers and PAT to the Internet. That's the best you can do on PIX with only a 30 bit legal subnet mask.

John Squeo
Technical Specialist
Papa John's Corporation
(502) 261-4035

"Theodore stout"
To: [EMAIL PROTECTED]
Subject: PIX with PAT and VPN [7:23490]
Sent by: nobody@groupstudy.com
10/19/01 02:23 AM
Please respond to "Theodore stout"

Hello everyone.

I am trying to implement 2 Internet connectivity solutions while at the same time creating 2 VPN solutions between two sites. What I would like to do is use a PIX 515 at both sites, tunnel IPSEC between the sites and still have normal access to the Internet.

My problem is that I only have one IP address per site. In all of the solutions provided by Cisco, I would need a pool of registered IP addresses for NAT. PAT is not even possible. I know that this VPN-PAT-FW1FW1-PAT-VPN solution is available with Checkpoint. However, I would prefer a Cisco only solution.

Any suggestions?

Theodore Stout
Security Engineer
CCSE, CCNA, MCSE

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23514&t=23490
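
Added example, not part of the thread or of any Cisco tooling: a small Python check that a PIX1 configuration holds together for both uses, PAT to the Internet and the tunnel to the peer. The outside and peer addresses are the ones from the reply; the inside subnets, the ACL and crypto-map names and the key are placeholders, and the "nat (inside) 0 access-list" exemption is an assumption about what "complete your isakmp and crypto-map settings" has to include so that tunnel traffic is not PATed.

```python
import re

# Constructed PIX1 config in PIX 6.x syntax. Outside/peer addresses come from the
# thread; inside subnets, ACL/map names and the key are placeholders (assumptions).
PIX1 = """\
access-list vpn permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list vpn
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 206.112.71.5
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address vpn
crypto map mymap 10 set peer 206.112.71.6
crypto map mymap interface outside
isakmp enable outside
isakmp key EXAMPLE-KEY address 206.112.71.6
"""

def audit(config):
    """Return the problems that would break PAT plus a site-to-site tunnel."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def find(pattern):
        return [m.groups() for l in lines if (m := re.fullmatch(pattern, l))]
    acls = {}
    for name, rule in find(r"access-list (\S+) (permit ip .+)"):
        acls.setdefault(name, set()).add(rule)
    # Traffic exempted from translation (nat 0) keeps its private source address.
    exempt = set()
    for (name,) in find(r"nat \(inside\) 0 access-list (\S+)"):
        exempt |= acls.get(name, set())
    problems = []
    keyed = {addr for (addr,) in find(r"isakmp key \S+ address (\S+)(?: netmask \S+)?")}
    for (peer,) in find(r"crypto map \S+ \d+ set peer (\S+)"):
        if peer not in keyed:
            problems.append(f"no isakmp key for peer {peer}")
    for (name,) in find(r"crypto map \S+ \d+ match address (\S+)"):
        # NAT runs before IPsec: un-exempted traffic is PATed and misses this ACL.
        if not acls.get(name) or not acls[name] <= exempt:
            problems.append(f"crypto ACL {name} is not exempt from PAT")
    pat_ids = {i for (i,) in find(r"nat \(inside\) ([1-9]\d*) 0\.0\.0\.0 0\.0\.0\.0.*")}
    glob_ids = {i for (i,) in find(r"global \(outside\) (\d+) \S+")}
    if not pat_ids & glob_ids:
        problems.append("no matching nat/global pair for Internet PAT")
    return problems

if __name__ == "__main__":
    print(audit(PIX1) or "ok")
```

The PIX2 side is the mirror image: swap the two outside addresses and reverse the source and destination subnets in the ACL.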