PIX-PIX VPN Tunnel & Static NAT Access

From: Leo Song (lsong@dataphile.ca)
Date: Fri Apr 18 2003 - 00:14:40 GMT-3

• Next message: Richard Davidson: "RE: access-list used for filtering routes"
• Previous message: Scott M. Livingston: "RE: access-list used for filtering routes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, there.

I created an IPSec tunnel between two PIX firewalls (PIX515 and PIX515E)
over Internet (outside - outside) and the termination point are Inside
(at Site-A) and DMZ (at Site-B), the tunnel is up and we could PING each
other real IPs in Inside and DMZ.

In the meanwhile, on site-B I make a static NAT mapping on DMZ to
Server-A in Inside,

                  VPN Tunnel
  |------------------------------------------|
  | |
  | |I |O O| | |
  | |N |U U| D| |
  | |S |T Internet T| | |
Host-A |I |S - - - - - - -S| M| NATed Server-A
       |D |I I| | /
       |E |D D| Z| /
       | |E E| ----- | /
                               INSIDE /
                              Server-A /

But the Host-A can't access Server-A through NATed IP address via that
tunnel, is there anything wrong? And I can't do it in that way. Thanks.

Leo.

• Next message: Richard Davidson: "RE: access-list used for filtering routes"
• Previous message: Scott M. Livingston: "RE: access-list used for filtering routes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:57 GMT-3