VPN PIX Site-to-Site Public/Private Question

Discussion in 'Cisco' started by nibly, Feb 24, 2005.

  1. nibly

    nibly Guest

    Firs off i would like to say thanks to this very infomrative and helping
    newsgroup iv'e been able to successfully setup a vpn tunnel between my
    hk and bo. Hopefully i can contribute a bit more once i get my feet wet!
    :) So thanks to everyone who replying gives out a helping hand to all of
    us! :)

    Now to my question... I have configured a vpn tunnel from a pix 501 to a
    vpn3000 concentrator. The problem is that the other location only allows
    public (global) addresses into their network, and i only have one single
    public address. How can i transelate our private address range into our
    one single public address? Probably this is really simple (possible
    stupid question) but ive tried different variations without success. It
    always ends up sending our private address to the remote location.


    Thanks in advance, nibly
    nibly, Feb 24, 2005
    #1
    1. Advertising

  2. In article <RWaTd.3131$Mw3.297@amstwist00>, nibly <> wrote:
    :Now to my question... I have configured a vpn tunnel from a pix 501 to a
    :vpn3000 concentrator. The problem is that the other location only allows
    :public (global) addresses into their network, and i only have one single
    :public address. How can i transelate our private address range into our
    :eek:ne single public address?

    nat (inside) 1 0.0.0.0
    global (outside) 1 interface


    :probably this is really simple (possible
    :stupid question) but ive tried different variations without success. It
    :always ends up sending our private address to the remote location.

    Turn off the nat 0 access-list
    --
    How does Usenet function without a fixed point?
    Walter Roberson, Feb 24, 2005
    #2
    1. Advertising

  3. nibly

    nibly Guest

    Walter Roberson wrote:
    > In article <RWaTd.3131$Mw3.297@amstwist00>, nibly <> wrote:
    > :Now to my question... I have configured a vpn tunnel from a pix 501 to a
    > :vpn3000 concentrator. The problem is that the other location only allows
    > :public (global) addresses into their network, and i only have one single
    > :public address. How can i transelate our private address range into our
    > :eek:ne single public address?
    >
    > nat (inside) 1 0.0.0.0
    > global (outside) 1 interface
    >
    >
    > :probably this is really simple (possible
    > :stupid question) but ive tried different variations without success. It
    > :always ends up sending our private address to the remote location.
    >
    > Turn off the nat 0 access-list


    Wich is what iv'e already tried before. Good to know that my previous
    confiuration wasnt incorrect. But now i finally found out that the
    problem was with some odd configuration done at the vpn3000 side. No
    wonder i couldnt figure out why it didnt work from my side. Anyways..
    Thanks for replying! reply's are always appreciated! :)

    -nibly-
    nibly, Feb 24, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page