NAT'ing a VPN behind a public address

[tangerine0072000]

Hi all,

Need to create a VPN and hide my internal 10/8 network behind one of my public addresses using NAT,so the remote end only see's the public addreses comming across the VPN. Anyone got an example config on how to achieve this on a PIX ?

thanks in advance.

 

[North323]

pretty much every VPN configuration. thats the idea behind an 'inside' and 'outside' google search sample ASA configs or PIX configs

 

[tangerine0072000]

pointless responding to the question if you don't have an answer. I know google exists, yet so does this forum. Thats why I put a post on here.

 

[North323]

every config is different and posting a sample config would not do you any good. check out

http://www.cisecurity.org/index.html

for pix/asa best practices. i think this forum is to help people, not do the work for them. After I RTFM then I post here. ;-)

 

[Dmasch]

You two sound like a couple of chicks with their panties in a bunch....LOL

 

[drummelhart]

if you are running nat, you will need to make a static route like the following:
static (inside,outside) 200.200.200.200 10.10.100.243 netmask 255.255.255.255

from there you can create access-lists allowing that IP address access to certain ports from the inside out, and access lists allowing access to that ip address from the outside in

 

[baddos]

Need to create a VPN and hide my internal 10/8 network behind one of my public addresses using NAT,so the remote end only see's the public addreses comming across the VPN. Anyone got an example config on how to achieve this on a PIX ?

I'm confused by this. What VPN are we talking about here? Are you using a lan-2-lan ipsec vpn to another company or something or are just going out on the Internet?

 

[tangerine0072000]

hi,

Yep its a site-to-site VPN. I want to hide my 10/8 behind one of my public addresses. The pix already uses one of the public addresses on its external interface.

I've achieved this on Checkpoint, but not pix.

thanks,