Remote VPN router behind internet access router

 
 
Markus Marquardt
06-14-2007
Hello,

maybe someone could give me a hint about this scenario:

<local LAN>
|
|
<PIX515e/7.2>
|Public IP
|
|
<Internet>
|
|
|Public IP
<Internet gw>
|Private IP
|
|Private IP
<VPN gateway>
|Private IP
|
<remote LAN>

I want to establish a VPN connection between our local PIX and the
remote VPN gateway. The remote gateway is not directly connected to the
internet. It's connected to <Internet gw> which forwards all packets and
is doing 1:1 NAT between the public IP address and the private IP address.

When trying to establish the VPN tunnel, on the PIX I get something like

Group = <something>, IP = <Public IP internet GW>, Rejecting IPSec
tunnel: no matching crypto map entry for remote proxy <Private IP VPN
gateway>/255.255.255.255/0/0 local proxy <Public IP
PIX>/255.255.255.255/0/0 on interface outside

The reason is the different public/private addresses which are seen for
the remote VPN gateway. Is there any way to get around this? NAT-T?
Which address should be used for the crypto map: The public or private
address of the remote VPN gw?

With kind regards
Markus
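
The rejection message quoted in the post above can be taken apart to see the mismatch directly. This is an added example, not part of the original post: the addresses, the sample log text and the `ASSUMED_ACL` entry are constructed, and treating an entry as matching when the proposed proxies fall inside its networks is a simplification of the device's behaviour.

```python
import ipaddress
import re

# PIX/ASA rejection message; each proxy is address/mask/protocol/port.
PROXY = r"([\d.]+)/([\d.]+)/\d+/\d+"
REJECT_RE = re.compile(
    r"IP = ([\d.]+), Rejecting IPSec tunnel: no matching crypto map entry "
    r"for remote proxy " + PROXY + r" local proxy " + PROXY +
    r" on interface (\S+)"
)

# Constructed sample: documentation addresses stand in for the public IPs,
# 10.20.30.2 for the VPN gateway's private IP behind the 1:1 NAT.
SAMPLE = """Group = 203.0.113.10, IP = 203.0.113.10, Rejecting IPSec
tunnel: no matching crypto map entry for remote proxy
10.20.30.2/255.255.255.255/0/0 local proxy
198.51.100.5/255.255.255.255/0/0 on interface outside"""

# Assumed crypto ACL on the PIX as (local, remote), written for the public IP.
ASSUMED_ACL = [("198.51.100.5/32", "203.0.113.10/32")]


def parse_reject(message):
    """Return peer, proposed proxies and interface, or None if no match."""
    m = REJECT_RE.search(" ".join(message.split()))  # undo syslog line wraps
    if m is None:
        return None
    peer, raddr, rmask, laddr, lmask, ifc = m.groups()
    return {
        "peer": ipaddress.ip_address(peer),
        "remote": ipaddress.ip_network(f"{raddr}/{rmask}", strict=False),
        "local": ipaddress.ip_network(f"{laddr}/{lmask}", strict=False),
        "interface": ifc,
    }


def diagnose(message, crypto_acl):
    """List ACL entries that cover the proposal and flag a NAT'd identity."""
    p = parse_reject(message)
    if p is None:
        return None
    covering = [
        (loc, rem) for loc, rem in crypto_acl
        if p["local"].subnet_of(ipaddress.ip_network(loc))
        and p["remote"].subnet_of(ipaddress.ip_network(rem))
    ]
    # A remote proxy that is not the address seen on the wire points at NAT.
    differs = p["remote"].network_address != p["peer"]
    return {"matching_entries": covering, "proxy_differs_from_peer": differs}
```

Calling `diagnose(SAMPLE, ASSUMED_ACL)` returns no matching entries and flags that the proposed remote proxy is not the peer address the packets arrived from.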
 
 
 
 
 
Newbie72
06-14-2007
On Jun 14, 8:34 am, Markus Marquardt <(E-Mail Removed)> wrote:
> Hello,
>
> maybe someone could give me a hint about this scenario:
>
> <local LAN>
> |
> |
> <PIX515e/7.2>
> |Public IP
> |
> |
> <Internet>
> |
> |
> |Public IP
> <Internet gw>
> |Private IP
> |
> |Private IP
> <VPN gateway>
> |Private IP
> |
> <remote LAN>
>
> I want to establish a VPN connection between our local PIX and the
> remote VPN gateway. The remote gateway is not directly connected to the
> internet. It's connected to <Internet gw> which forwards all packets and
> is doing 1:1 NAT between the public IP address and the private IP address.
>
> When trying to establish the VPN tunnel, on the PIX i get something like
>
> Group = <something>, IP = <Public IP internet GW>, Rejecting IPSec
> tunnel: no matching crypto map entry for remote proxy <Private IP VPN
> gateway>/255.255.255.255/0/0 local proxy <Public IP
> PIX>/255.255.255.255/0/0 on interface outside
>
> The reason are the different public/private addresses which are seen for
> the remote VPN gateway. Is there any way to get around this? NAT-T?
> Which address should be used for the crypto map: The public or private
> address of the remote VPN gw?
>
> With kind regards
> Markus


The first question is: what type of hardware are you using? The 2nd
question is: what type of hardware are you connecting to?

Check out the link below; it should be able to answer most of your
questions if you are using PIX 6.3:
http://www.cisco.com/en/US/docs/secu.../sit2site.html

Here is a link if you are using PIX 7.x or an ASA appliance:
http://www.cisco.com/en/US/products/...805a87f7.shtml


 
 
 
 
 
Markus Marquardt
06-14-2007
Newbie72 wrote:
>> <PIX515e/7.2>
>
> The first question is What type of hardware are you using? 2nd

See above...

> question is what type of hardware are you connecting to?

Remote internet gw: I don't know
Remote VPN gw: Checkpoint-Something

The problem is not creating a VPN connection at all; the problem is
that the remote VPN gw is connected via an RFC 1918 transfer network to
the internet.

Regards
Markus
 
 
maco
06-14-2007
Both ends should use NAT traversal.

You should use the public IP of the VPN gateway (Checkpoint) if you want to reach it through the Internet.
 