Ok..thanksi was worried about the public to private ip mapping with NAT
and IPSEC. But since esp does not modify the original header...I should be
fine to have the vpn clients connect to a public ip that is statically
natted to the private ip on the outside pix interface. Right?
Thanks
This isn't entirely correct. You can have a private IP address on your
outside interface and have it NAT'd to a public IP address and then
terminate the tunnel there. I am assuming this is what you are doing. Yes
it can be done.
Yes it will work with IKE Mode Configuration which is the same
Hello everyone,
I would like to install a PIX behind a router and had some questions...
1. Can the VPN clients connect to a public ip that translates ( static nat )
to the private ip assigned to the outside interface of the PIX?( if i use
esp)
2. Will it work if I use IKE Mode Configuration to
Hi
If you want VPN client to connect to your pix, you need to assign a public
IP to your outside interface and you can create a pool of private ip address
to your vpn client by using (ip local pool start ip...end ip)
and give the pool name in the vpngroup configuration (vpngroup
address-pool .
4 matches
Mail list logo