Our config (all Cisco units):
Main Campus > 3620 12.2(27) > PIX 506E 6.2(2) > 1721 12.2 >
Internet
1721 12.2 > Remote office
We currently have a VPN from the IP address on the Remote 1721 to one of the two outside IPs of the 1721 at the Main Campus.
We then have a VPN through the firewall. It goes from the inside IP of the PIX to an address in front of the PIX that is NATed through to the outside IP of the 3620. We allow GRE traffic. All traffic to and from the remote office goes through both tunnels.
All of this structure has been in place since before I got here.
My question is this:
In order to create a VPN, do both sides have to be able to "see" each other?
I want to know if I can create a VPN from the external interface of the 3620 through the PIX to the external interface of the Remote 1721. Can I do this with one side behind a PAT and a NAT, with an IP that is not externally routable?
It seems that it would be possible if I could initiate the connection from the 3620.
Any help would be appreciated.