On 13.04.2007, at 13:27, cisco4ng wrote:
> Well, yes and no. Let's say that you use 10.0.0.0/8 and your partner
> also uses 10.0.0.0/8, then you have no choice but to NAT on both sides,
> such that you will NAT your side to 129.0.0.0/8 and the other side will
> NAT to 130.0.0.0/8 in order for this to work.

Ok, thanks, but let's say we do not want to access his 10.0.0.0
network but a 192.168.x.x network. He says he is using 10.0.0.0 on
another VPN already and that's the reason he asks us to NAT. In this
scenario, would it be enough if he'd NAT our 10.0.0.0 to something
that he can deal with? Since we do not need to talk to his side's
10.0.0.0 but to another network on his end, we don't need him to
translate his end...

So the question basically is: is it technically possible on a Cisco
PIX to apply NAT to the source IPs of incoming VPN traffic, without
"letting the peer site know about it"? Or would this mess up IKE
handshaking stuff (as far as I know the networks to be used in a VPN
are exchanged in some sort of quick mode or whatever)?
Thanks
Sascha