I have a PIX 506e IOS 6.3(5) and I want to make a VPN pool address available to inbound traffic. The scenario is that I have a wireless device which is behind a firewall from my provider. I have a VPN set up to allow the device to connect and it is assigned an address from a VPN pool. I would like to NAT that VPN pool address to the outside interface so that I can access the device from the Internet when it is connected to the VPN. Because the VPN pool is on the outside interface, the NAT is not allowed. What I want is for 'Some PC' in the diagram below to have access to 'Device'.
I've tried to double-NAT from the outside to a virtual interface on the inside and back to the VPN pool address, but it just results in kernel warnings in the syslog.
I really don't want to use a proxy on an inside machine. I would prefer to solve the entire problem on the PIX.
Does anyone have any ideas?
Thanks for your help and suggestions.
February 23, 2008 10:54 PM
February 25, 2008 2:08 AM