PIX firewal 515E and VPN

[StickMan13]

Hi everyone,

Im trying to configure VPN on my 515E but my outside interface has a private IP (192.168.X.X) so it cannot be routed on the internet, so my question is: Can i specify an IP for the VPN to respond or do i have to assign a public IP to the outside interface???

Thanks.

 

[themut]

I am suspecting you are natting on the Internet router. In that case you can use the private IP address assigned to the outside interface but your Internet router should statically nat it to a public IP address, that means you need a dedicated public IP address from your ISP to nat your outside interface. Hope this helps!

 

[StickMan13]

Yes i tried to do that but as the packet is encrypted the router can't access to it so it can't modify it.

 

[themut]

The packet header is not encrytped which is what we need here. The IP addresses protected by the tunnel are encrypted but the IP addresses on the IPSec peers are in clear text so you should be able to NAT them.