Can I construct a site-to-site VPN between 2 PIX 501's and use a natted network between the sites? Is this possible with ver 6.x software or do I need ver7.x?
JHG
- posted
17 years ago
Site-to-site VPN with NAT
Loading thread data ...
- Vote on answer
- posted
17 years ago
Yes.
If the network uses one-to-one NAT, then you can do it using any release supported on the 501.
If the network uses PAT (Port Address Translation) then you need PIX 6.3 and you need "isakmp nat-traversal 20"
BTW, PIX 7.x is not supported on the 501 and likely will never be.
- Vote on answer
- posted
17 years ago
Adding to Walter's reply:
Configure the pixes normally, Then configure VPN normally without using the NAT. If that is working. Configure NAT. Remember to use the natted addresses in the crypto acl.
-Vikas