Question that needs some reading... pretty interesting problem
This guy wants a VPN tunnel set up to my network, which has a PIX (6.3). He wants to route his FTP traffic to an internal host on my network using a NON RFC1918 (he says he can't use it).
What he's telling me to do is create a site-to-site tunnel from his router to my PIX (which does use RFC1918 NATted private ranges internally), then he wants me to create a static mapping for public to private IP to my internal FTP server, and he would route his FTP traffic over the VPN tunnel to the external IP statically mapped to the internal FTP server on my network.
Questions are as follows:
1) That FTP traffic would be on the same outside interface on the PIX; the PIX security features force traffic to pass from one interface to another. So this traffic would not be able to reach the FTP server from his network?
2) Has anyone ever created a VPN tunnel with no NONAT and match access lists for site to site tunnels on a PIX?
3) Is this even possible??