I have a PIX 506e IOS 6.3(5) and I want to make a VPN pool address available to inbound traffic. The scenario is that I have a wireless device which is behind a firewall from my provider. I have a VPN set up to allow the device to connect and it is assigned an address from a VPN pool. I would like to NAT that VPN pool address to the outside interface so that I can access the device from the Internet when it is connected to the VPN. Because the VPN pool is on the outside interface, the NAT is not allowed. What I want is for 'Some PC' in the diagram below to have access to 'Device'.
Network:

    Inside--PIX--Internet--Firewall--Device
                     |
                  Some PC

Connections:

                /IPSec Tunnel--Device
    Inside--PIX
                 Some PC
I've tried to double-NAT from the outside to a virtual interface on the inside and back to the VPN pool address, but it just results in kernel warnings in the syslog.
I really don't want to use a proxy on an inside machine. I would prefer to solve the entire problem on the PIX.
Does anyone have any ideas?
Thanks for your help and suggestions.
Cheers,
Tom
Sorry, the network diagram part of this post is a bit confusing. If you look at it with a fixed font, the first diagram should have 'Some PC' hanging directly below 'Internet' and the top and bottom lines of the second diagram should be just to the right of 'PIX'. Sorry for the confusing post.