PIX VPN behind NAT Router

Discussion in 'Cisco' started by falken7, Dec 7, 2004.

  1. falken7

    falken7 Guest

    Hello all,

    I'm currently researching if the following is possible:

    I have a PIX firewall behind a router performing NAT. The config is
    basic and resembles the following:

    Internet --> Router --> PIX -- > LAN

    I'd like to run VPN (PPTP or IPSEC) on the PIX. I'd like to know if
    this is possible and if anyone has this implemented. Obviously, the
    Internet side of the router is public. The PIX side of the router has
    a private range, and the router is configured with a static translation
    to the PIX - this would be used as the endpoint for clients.

    I'm not opposed to running VPN on the routers - just curious if this
    setup would work with the PIX running VPN behind the NAT router.
    Thanks for any help,
    Jason
     
    falken7, Dec 7, 2004
    #1
    1. Advertisements

  2. falken7

    John Smith Guest

    yes. yuo will just make sure you pass/redirect the correct ports thru to the
    pix - the ports for esp and isakmp. ( dont recall them offhand. )
     
    John Smith, Dec 7, 2004
    #2
    1. Advertisements

  3. falken7

    Ivan Ostreš Guest

    I think that you will have to enable NAT traversal on the PIX.
     
    Ivan Ostreš, Dec 7, 2004
    #3
  4. falken7

    falken7 Guest

    Thanks John and Ivan - I was missing the NAT Traversal command. duh!
    Take care,
    Jason
     
    falken7, Dec 7, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.