VPN / Is this possible ??

[iiiiss]

HI !

I would like to connect through my pix to another pix using the cisco vpn client.

As I am using PAT I think I would need transparent tunneling for this but the pix doesn´t seem to support that and I don´t want to use static commandos !

Is it possible to solve this problem with the "nat (inside) 0 access-l" command ?

Thanks for every reply

 

[anerikkehvadderskals]

Hi,

If i am understanding this properly, I had the same senario some weeks ago, and was told that the current firmware dosent support that. Something about IPsec/headers. I wanted to use the cisco VPN client throug a pix 501 to connect to a pix 515,

Was told that a new firmware was under way and should be released now, ??

Bye

LC

 

[iiiiss]

Thanks for the reply !

Do you mean IOS or firmware ???
I didn´t know that I can upgrade the Firmware .. only the IOS .. I´m using the IOS version 6.2(2)

You can do this by using a static command like " static(inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx"

But that´s not what I want to do ...

When you find a solution please tell me ..


Thanks

Best Regars

 

[yizhar]

HI.

Why don't you use the STATIC command, is it because of security reasons, or lack of registered ip addresses?
If you have enough addresses, you can use NAT instead of PAT - this can work.

Another alternate option, is to configure the pix at the branch office (the client side), with "Easy VPN".
Easy VPN is a feature of version 6.2 that a remote pix connects to the main office acting as a VPN client instead of site to site VPN.
This can overcome the problem if you do not have enough registered addresses and need to connect many clients from branch to main office.

Bye

Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[anerikkehvadderskals]

I meant the IOS,

if I hear anything I will let you know,

Bye

LC

 

[iiiiss]

Thanks both !
To Yizhar, it is because of the lack of public addresses !

Best Regards !