Firewall Wizards: RE: NAT inside a VPN between PIX and Cisco device

RE: NAT inside a VPN between PIX and Cisco device

From: Dean Davis <Dean.Davis_at_mbg-inc.com>
Date: Tue, 27 Jan 2004 13:16:12 -0500

Fernando:

I have a similar situation. Have you considered moving your routeable IPs to
the FastEthernet interface of the Cisco router by using "ip unnumbered"?

This feature works if your WAN interface is not a FastEthernet interface,
i.e. a Serial WAN interface.

With this configuration, you can still filter ingress/egress traffic on the
WAN interface of the Cisco router, while providing your Cisco PIX with an
external, routeable address. No need for NAT.

I haven't seen an IOS option that allows un-numbering of a FastEthernet to
an internal FastEthernet interface.

Thanks,

Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
Sr. Network Engineer
MBG, Inc.
370 Lexington Avenue
New York, NY 10017
P. 212.822.4429
F. 212.822.4499
http://www.mbg-inc.com

-----Original Message-----
From: Bill James [mailto:bubbagates_at_comcast.net]
Sent: Sunday, January 18, 2004 9:58 PM
To: 'Allendes Fernando'; firewall-wizards_at_honor.icsalabs.com
Subject: RE: [fw-wiz] NAT inside a VPN between PIX and Cisco device

Fernando

Try this link for a start

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

 

-----Original Message-----
From: firewall-wizards-admin_at_honor.icsalabs.com
[mailto:firewall-wizards-admin_at_honor.icsalabs.com] On Behalf Of Allendes
Fernando
Sent: Monday, January 12, 2004 5:29 PM
To: 'firewall-wizards_at_honor.icsalabs.com'
Subject: [fw-wiz] NAT inside a VPN between PIX and Cisco device

Hello:
        We are trying to make a VPN between PIX and Cisco device, but using
NAT with the PIX external IP. The picture is like:
  Internal IP ----> PIX (NAT) ----> Internet ----> Cisco Router ---> "Routeable IP"
        Because the Cisco Router has internal and routeable networks,
we must make a VPN from PIX using NAT inside the VPN.
        At least, we set up such VPN but using two external IPs in the PIX.
        Do you know how we can do it using only one external IP in the PIX ?

Regards,
Fernando Allendes.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Received on Feb 01 2004
