[VPN] Site to site VPN with PIX 515E and NAT before IPSec with access-lists

Siddhartha Jain losttoy2000 at yahoo.co.uk
Thu Dec 5 08:19:44 EST 2002


Hi,

I want to establish a VPN tunnel from a PIX to
another IPSec gateway in the following way:

Local network: 172.16.22.0. This network should be
natted to a global IP, say, 202.125.145.31.

Destination host: 10.253.96.1
Remote Peer: 209.206.81.71

Users from 172.16.22.0 should only be able to access
the FTP service on the destination host. The local
network needs to be natted to a valid IP address
because the remote site security policy does not
permit any communication with invalid/private IP
addresses.

The IKE policy for the tunnel would be: HMAC-MD5, 3DES
IPSEC SA: ESP-3DES ESP-HMAC-MD5

Could someone advise me on the config to be done on
the PIX? I know the IKE and IPSec config to be done
but how do I handle access-lists and NAT?

Btw, don't try the valid IP addresses listed up there
because I have fudged with them. ;)

Regards,

Siddhartha
