[vpn] VPN with NAT

Chuck Renner crenner at dynalivery.com
Wed Oct 10 19:04:27 EDT 2001


Ok...so set it up like in my second diagram, and instead of having the LRP
box route outbound traffic through its external interface, shoot the
traffic into the PIX?  

Sounds sensible enough....

> -----Original Message-----
> From: Christopher Gripp [mailto:cgripp at axcelerant.com]
> Sent: Wednesday, October 10, 2001 6:00 PM
> To: Chuck Renner; vpn at securityfocus.com
> Subject: RE: [vpn] VPN with NAT
> 
> 
> It's a non-issue.  Add routes on the LRP box that point to the inside of
> the PIX for all remote subnets.
> 
> -----Original Message-----
> From: Chuck Renner [mailto:crenner at dynalivery.com]
> Sent: Wednesday, October 10, 2001 3:47 PM
> To: vpn at securityfocus.com
> Subject: [vpn] VPN with NAT
> 
> 
> Here's my current network situation:
> 
> Internet-----Router-----LRP box----Private Network
> 
> The LRP box is a system running a floppy-based version of the Linux Router
> Project.  It is the default gateway for all systems on the private network
> (192.168.1.x), and provides NAT services and firewalling.
> 
> Now, I have a few remote employees that I'd like to connect to the private
> network via a Cisco Secure PIX 506 box.  Ideally, I'd like to have something
> like this:
> 
> Internet-----Router-----LRP box----Private Network
>                |                      |
>                --------PIX 506---------
> 
> 
> I only want to use the PIX to terminate the VPN clients, not have it replace
> the LRP box.  I've been considering the following ideas to make things work
> correctly, and would like feedback or suggestions:
> 
> 1)  I can add a second network card to each system that I want to make
> available via the VPN.  This will require extra cabling and requires a lot
> of opening of boxes.
> 
> 2)  Via RIP, have the systems on the private network update their routing
> tables so that the traffic for any remote system connecting to the PIX will
> be routed back through the PIX.  Only problem is I don't know if the PIX
> provides any capability for this kind of thing.
> 
> 3)  Replace the LRP box with the PIX, so all traffic flows through it.
> 
> 4)  Any methods anyone else can recommend...
> 
> 
> VPN is sponsored by SecurityFocus.com
> 
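
The routing change discussed in this thread, modelled as an added example (not part of the original posts): it shows where the LRP box sends replies destined for a VPN client before and after static routes for the remote subnets are pointed at the PIX inside interface, and rejects a remote subnet that overlaps the local LAN. Only 192.168.1.x comes from the thread; the PIX inside address, the upstream next hop, the VPN client pool and the net-tools style `route` syntax are assumptions.

```python
import ipaddress as ip

LAN = ip.ip_network("192.168.1.0/24")       # private network from the post
PIX_INSIDE = ip.ip_address("192.168.1.2")   # assumed PIX inside address
UPSTREAM = ip.ip_address("203.0.113.1")     # assumed next hop on the LRP external side
REMOTE_SUBNETS = ["10.99.0.0/24"]           # assumed VPN client pool (constructed)

def base_table():
    """LRP routing table before the change: connected LAN plus default route."""
    return [(LAN, None, "internal"),
            (ip.ip_network("0.0.0.0/0"), UPSTREAM, "external")]

def add_remote_routes(table, remote_subnets, gateway):
    """Return a new table with one static route per remote subnet via the PIX."""
    if gateway not in LAN:
        raise ValueError(f"gateway {gateway} is not on-link on {LAN}")
    new = list(table)
    for cidr in remote_subnets:
        net = ip.ip_network(cidr)
        if net.overlaps(LAN):
            # Overlapping pools make LAN hosts treat VPN clients as on-link.
            raise ValueError(f"{net} overlaps the local LAN {LAN}")
        new.append((net, gateway, "internal"))
    return new

def lookup(table, dst):
    """Longest-prefix match: return (next_hop, interface) for dst."""
    dst = ip.ip_address(dst)
    matches = [r for r in table if dst in r[0]]
    net, hop, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (hop if hop is not None else dst, iface)

def route_commands(remote_subnets, gateway):
    """Equivalent net-tools style commands for the LRP box (assumed syntax)."""
    return [f"route add -net {n.network_address} netmask {n.netmask} gw {gateway}"
            for n in map(ip.ip_network, remote_subnets)]

if __name__ == "__main__":
    before = base_table()
    after = add_remote_routes(before, REMOTE_SUBNETS, PIX_INSIDE)
    for name, table in (("before", before), ("after", after)):
        print(name, lookup(table, "10.99.0.25"))
    print("\n".join(route_commands(REMOTE_SUBNETS, PIX_INSIDE)))
```

Before the change, a reply to a VPN client follows the default route out the external interface and never reaches the tunnel; afterwards the longest-prefix match hands it to the PIX on the internal segment.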
