PIX VPN using the external addresses

Archived from groups: comp.dcom.vpn

We have a company that has a policy against using internal IPs in their
IPSec tunnels. Can someone give me the basic PIX config differences
for using the external IPs as opposed to the internals? All of our
current tunnels use the internal IPs and several attempts at using the
externals haven't gone very well.

Thanks in advance.
  1. Archived from groups: comp.dcom.vpn,comp.dcom.sys.cisco

    Nate wrote:

    > We have a company that has a policy against using internal IPs in their
    > IPSec tunnels. Can someone give me the basic PIX config differences

    This does not make sense!! Do they have clues in IT? Doing something
    like that is losing accounting... if losing accounting is in their
    corporate policy, oooh my God!

    > for using the external IPs as opposed to the internals? All of our
    > current tunnels use the internal IPs and several attempts at using the
    > externals haven't gone very well.

    > Thanks in advance.

    2 or 3 weeks ago, somebody asked if it is possible to NAT an inside
    network before getting this NATed IP in a VPN. Pretty much, using Google
    searching for that, you'd get ideas on how to do an ugly thing like that.

    Hey, do not tell me thank you, hum? The day the first site will be
    flooding the other site with worm(s), you'll be very happy to
    investigate who has been infected first.

    /Edgar

    X-Post
  2. Archived from groups: comp.dcom.vpn,comp.dcom.sys.cisco

    In article <dfm25v$eh2$1@news.brutele.be>,
    Edgar® du Luxembourg® <edgar@no_troll.sncb.be> wrote:
    :Nate wrote:

    :> We have a company that has a policy against using internal IPs in their
    :> IPSec tunnels. Can someone give me the basic PIX config differences

    :This does not make sense!! Do they have clues in IT? Doing something
    :like that is losing accounting... if losing accounting is in their
    :corporate policy, oooh my God!

    It is no worse than using DHCP, which most companies use these days.
    And the information about which internal host IP it was can easily
    be pulled from the logs -- the internal host IP and port is shown
    in every Build, Teardown, and Deny message.
    --
    This signature intentionally left... Oh, darn!
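
The log lookup described in the reply above, as an added example that is not part of the original thread: it maps a translated (external) address and port back to the internal host using "Built" connection messages. The log lines are constructed, and the message layout (real address first, translated address in parentheses) and the function names are assumptions made for illustration.

```python
import re

# Constructed sample lines in the layout of PIX connection messages
# (assumed format: real address first, translated address in parentheses).
SAMPLE_LOG = """\
Sep 07 2005 10:15:01: %PIX-6-302013: Built outbound TCP connection 4101 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:10.1.1.25/3310 (203.0.113.9/3310)
Sep 07 2005 10:15:04: %PIX-6-302013: Built outbound TCP connection 4102 for outside:198.51.100.20/445 (198.51.100.20/445) to inside:10.1.1.77/1042 (203.0.113.9/1042)
Sep 07 2005 10:15:09: %PIX-6-302014: Teardown TCP connection 4101 for outside:198.51.100.20/443 to inside:10.1.1.25/3310 duration 0:00:08 bytes 5120 TCP FINs
Sep 07 2005 10:15:11: %PIX-4-106023: Deny tcp src inside:10.1.1.77/1043 dst outside:198.51.100.20/445 by access-group "inside_out"
"""

# "Built" TCP (302013) and UDP (302015) messages carry both address pairs.
BUILT = re.compile(
    r"%PIX-6-30201[35]: Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection (?P<conn>\d+) "
    r"for (?P<f_if>\w+):(?P<f_ip>[\d.]+)/(?P<f_port>\d+) \((?P<f_mip>[\d.]+)/(?P<f_mport>\d+)\) "
    r"to (?P<l_if>\w+):(?P<l_ip>[\d.]+)/(?P<l_port>\d+) \((?P<l_mip>[\d.]+)/(?P<l_mport>\d+)\)"
)


def translation_table(log_text, internal_if="inside"):
    """Map (proto, translated_ip, translated_port) -> [(conn_id, real_ip, real_port)]."""
    table = {}
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m:
            continue  # Teardown and Deny lines show only the real address
        for side in ("f", "l"):
            if m[f"{side}_if"] != internal_if:
                continue  # only the internal interface's hosts are of interest
            key = (m["proto"], m[f"{side}_mip"], int(m[f"{side}_mport"]))
            table.setdefault(key, []).append(
                (int(m["conn"]), m[f"{side}_ip"], int(m[f"{side}_port"]))
            )
    return table


def internal_host(log_text, proto, translated_ip, translated_port):
    """Return the internal real IPs that used the given translated address/port."""
    hits = translation_table(log_text).get((proto, translated_ip, translated_port), [])
    return sorted({ip for _, ip, _ in hits})


if __name__ == "__main__":
    # Which internal host was behind 203.0.113.9:1042?
    print(internal_host(SAMPLE_LOG, "TCP", "203.0.113.9", 1042))
```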