[vpn] VPN with NAT

Chuck Renner crenner at dynalivery.com
Wed Oct 10 18:47:11 EDT 2001

Here's my current network situation:

Internet-----Router-----LRP box----Private Network

The LRP box is a system running a floppy-based version of the Linux Router
Project.  It is the default gateway for all systems on the private network
(192.168.1.x), and provides NAT services and firewalling.

Now, I have a few remote employees that I'd like to connect to the private
network via a Cisco Secure PIX 506 box.  Ideally, I'd like to have something
like this:

Internet-----Router-----LRP box----Private Network
               |                      |
               --------PIX 506---------

I only want to use the PIX to terminate the VPN clients, not have it replace
the LRP box.  I've been considering the following ideas to make things work
correctly, and would like feedback or suggestions:

1)  I can add a second network card to each system that I want to make
available via the VPN.  This will require extra cabling and requires a lot
of opening of boxes.

2)  Via RIP, have the systems on the private network update their routing
tables so that the traffic for any remote system connecting to the PIX will
be routed back through the PIX.  Only problem is I don't know if the PIX
provides any capability for this kind of thing.

3)  Replace the LRP box with the PIX, so all traffic flows through it.

4)  Any methods anyone else can recommend...

