Remote VPN router behind internet access router


maybe someone could give me a hint about this scenario:

| |

|Public IP | |

| | |Public IP

|Private IP | |Private IP

|Private IP |

I want to establish a VPN connection between our local PIX and the remote VPN gateway. The remote gateway is not directly connected to the internet. It's connected to which forwards all packets and is doing 1:1 NAT between the public IP address and the private IP address.

When trying to establish the VPN tunnel, on the PIX i get something like

Group = , IP = , Rejecting IPSec tunnel: no matching crypto map entry for remote proxy / local proxy / on interface outside

The reason are the different public/private addresses which are seen for the remote VPN gateway. Is there any way to get around this? NAT-T? Which address should be used for the crypto map: The public or private address of the remote VPN gw?

With kind regards Markus

Reply to
Markus Marquardt
Loading thread data ...

The first question is What type of hardware are you using? 2nd question is what type of hardware are you connecting to?

Check out the below link it should be able to answer most of your questions if you r using PIX 6.3

formatting link
here is a link if you are using Pix 7.x or ASA appliance
formatting link

Reply to

See above...

Remote internet gw: I don't know Remote VPN gw: Checkpoint-Something

The problem is not to create an vpn connection at all, the problem is that the remote vpn gw is connected via a rfc1918 transfer network to the internet.

Regards Markus

Reply to
Markus Marquardt Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.