From: Gregory W. Posey Jr. (gposey@uaes.org)
Date: Wed Sep 11 2002 - 11:42:56 GMT-3
I get the impression from, the link below, that you can NOT get the VPN
Concentrator to "hide" your internal networks from the other side. When
doing a site-to-site with a PIX, it's the PIX that does the "double"
NAT'ting, not the 3000...
http://www.cisco.com/warp/customer/707/vpn_pix_private.html
Granted this is with "overlapping" private networks, but the concept is
still the same (private networks on both sides of the L2L VPN that you
want NAT'ted in each "other's" network).
Thank you,
Greg Posey Jr.
CCIE #7981
CSS1, CCSE
CCNP - Voice Access
M.S. EE
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
certstudy
Sent: Tuesday, September 10, 2002 7:34 PM
To: Peter Wodle; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: Re: CVPN 3005 VPN to Firewall-1
Interesting--i have a similar situation with a 3030 to FW1. I think
that
the 3000's can do nat but only for the local inside subnet. At least
that
is the best i can figure out. in other words if i want to make the 3030
the
next hop for all traffic destined for the 3030/FW1 tunnel for all of my
subnets, the 3030 will not nat them. if i try to just send traffic from
the
inside subnet via the same path with nat, it works.
if anybody has a different experience, i'd sure appreciate the help.
tks
----- Original Message -----
From: "Peter Wodle" <peter_wodle@hotmail.com>
To: <security@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, September 10, 2002 10:21 AM
Subject: CVPN 3005 VPN to Firewall-1