Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PAT via inside interface

Status
Not open for further replies.
Saeed42

Saeed42

ISP
Jul 4, 2001
147
I have vpn setup on a pix firewall, VPN users get their IPs from pool of ips and all works fine, my problem is I usually add a route for that "VPN ip range" for every server as some of the servers don't use the pix as their default route, so my question is can I use pat for inside interface so all the VPN users are NATED via the inside interface in this setup I don't have to add routes to servers as servers and firewall are usually on the same network.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Sort by date Sort by votes
HI.

> so my question is can I use pat for inside interface
I think that you can, but it depends on pix OS version.

But I think that specifying routes is a better option.
Maybe using RIP with pix and servers can help, or reconfigure internal network structure and routing.

Or maybe adding a route at the routed which is used as default gateway of the servers can help also.

Bye


Yizhar Hurwitz
 
Upvote 0 Downvote
Are you saying that your vpn users are using a vpn client to connect to your PIX and get assigned an address from a pool? Can you explain the topology a little more?
 
Upvote 0 Downvote
Just like you said VPN users are connecting to the PIX and getting and IP address from a pool, that pool is usually a subnet that is reserved only for VPN users, for example if the LAN range is 10.10.0.0/16 the VPN users pool would be 192.168.253.0/24, and as you can see if they need to access any of the local servers and the server uses the pix as the default gateway everything works fine, but usually we could have a very complicated setup where there's dedicated line for the VPN users and the rest of the LAN uses different route for internet connection, and that is where the problem is, y we have no access to the other router so we usually resort to adding a route for the VPN range to every server.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DivemasterBill
  • Locked
  • Question
Cannot connect via the SonicWall Login webpage
Replies
0
Views
160
DivemasterBill
DivemasterBill
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
167
kythri
kythri
ttrsux
  • Locked
  • Question
Error opening IKE port 4500 on Interface outside
Replies
0
Views
276
ttrsux
ttrsux
TierOneTech
  • Locked
  • Question
TZ105 - can I define a second WAN interface for failover?
Replies
1
Views
123
jcarmichael1203
jcarmichael1203
shmideo
  • Locked
  • Question
How to set up a wireless LAN on X5 interface TZ500
Replies
1
Views
130
shmideo
shmideo

Part and Inventory Search

Sponsor

Back
Top