[vpn] VPN with NAT

Christopher Gripp cgripp at axcelerant.com
Wed Oct 10 19:00:15 EDT 2001

It's a non-issue.  Add routes on the LRP box that point to the inside of
the PIX for all remote subnets.

-----Original Message-----
From: Chuck Renner [mailto:crenner at dynalivery.com]
Sent: Wednesday, October 10, 2001 3:47 PM
To: vpn at securityfocus.com
Subject: [vpn] VPN with NAT

Here's my current network situation:

Internet-----Router-----LRP box----Private Network

The LRP box is a system running a floppy-based version of the Linux
Project.  It is the default gateway for all systems on the private
(192.168.1.x), and provides NAT services and firewalling.

Now, I have a few remote employees that I'd like to connect to the
network via a Cisco Secure PIX 506 box.  Ideally, I'd like to have
like this:

Internet-----Router-----LRP box----Private Network
               |                      |
               --------PIX 506---------

I only want to use the PIX to terminate the VPN clients, not have it
the LRP box.  I've been considering the following ideas to make things
correctly, and would like feedback or suggestions:

1)  I can add a second network card to each system that I want to make
available via the VPN.  This will require extra cabling and requires a
of opening of boxes.

2)  Via RIP, have the systems on the private network update their
tables so that the traffic for any remote system connecting to the PIX
be routed back through the PIX.  Only problem is I don't know if the PIX
provides any capability for this kind of thing.

3)  Replace the LRP box with the PIX, so all traffic flows through it.  

4)  Any methods anyone else can recommend...

VPN is sponsored by SecurityFocus.com
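
The reply's advice, static routes on the LRP box that send each remote subnet to the PIX's inside address, sketched as an added example (not code from either poster). The PIX inside address and the remote subnets are hypothetical values, only the 192.168.1.x LAN comes from the thread, and iproute2's `ip` being present on the LRP box is an assumption. The script prints the commands instead of running them and refuses a gateway that is not on the LAN or a remote subnet that overlaps it.

```sh
#!/bin/sh
# Constructed sample values; only the 192.168.1.x LAN appears in the thread.
LAN_NET="192.168.1.0/24"                    # private network behind the LRP box
PIX_INSIDE="192.168.1.2"                    # hypothetical PIX inside address
REMOTE_SUBNETS="10.99.1.0/24 10.99.2.0/24"  # hypothetical VPN client subnets

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net ADDR CIDR -> status 0 when ADDR lies inside CIDR
in_net() {
  local net="${2%/*}" len="${2#*/}"
  local mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# overlaps CIDR_A CIDR_B -> status 0 when the two ranges share addresses
overlaps() {
  in_net "${1%/*}" "$2" || in_net "${2%/*}" "$1"
}

# plan_routes LAN GATEWAY SUBNET... -> prints one route command per subnet.
# Status 1: gateway is not on the LAN, so the LRP box could not reach it.
# Status 2: a remote subnet overlaps the LAN, so hosts would never route it.
plan_routes() {
  local lan="$1" gw="$2" s
  shift 2
  in_net "$gw" "$lan" || { echo "gateway $gw is not on $lan" >&2; return 1; }
  for s in "$@"; do
    overlaps "$s" "$lan" && { echo "$s overlaps $lan" >&2; return 2; }
    echo "ip route add $s via $gw"
  done
}

# Review the printed commands, then run them as root on the LRP box.
plan_routes "$LAN_NET" "$PIX_INSIDE" $REMOTE_SUBNETS
```

Because LAN hosts keep the LRP box as default gateway, replies to VPN clients enter and leave the LRP box on the same inside interface, so its firewall rules must permit that forwarding and must not apply NAT to it.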
