Wednesday, May 7, 2008

Dynamic IPsec Between a Statically Addressed IOS Router and the Dynamically Addressed PIX Firewall with NAT Configuration Example

(Cisco Systems)
This document provides a sample configuration that shows you how to enable an IOS router to accept dynamic IPsec connections from a PIX Firewall. The router performs Network Address Translation (NAT) when the private network 10.0.0.x accesses the Internet. Traffic from 10.0.0.x to the private network 10.1.0.x behind the PIX is excluded from the NAT process, so it enters the tunnel with its original private source addresses. Because the PIX address is not known in advance, the PIX Firewall can initiate connections to the router, but the router cannot initiate connections to the PIX.
This configuration uses a Cisco IOS router in order to create dynamic IPsec LAN-to-LAN (L2L) tunnels with a PIX Firewall that receives a dynamic IP address on its public (outside) interface. Dynamic Host Configuration Protocol (DHCP) provides a mechanism for the Internet service provider (ISP) to allocate IP addresses dynamically, which allows addresses to be reused when hosts no longer need them.
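The router-side configuration that the two paragraphs above describe, written out as an added example; it is not the configuration from the Cisco document this post quotes. Interface names (Ethernet0/0 inside, Ethernet0/1 outside), the router's public address 192.0.2.1 and default gateway 192.0.2.254 (documentation range), the /24 masks for the "10.0.0.x" and "10.1.0.x" networks, and the policy, map and transform-set names are all assumptions made for this illustration.

```cisco
! Added example (not the original document's configuration). Assumed values:
! Ethernet0/0 = inside LAN 10.0.0.0/24, Ethernet0/1 = outside with the static
! public address 192.0.2.1/24, remote LAN 10.1.0.0/24 behind the PIX.
!
! Phase 1: ISAKMP policy and a wildcard pre-shared key. The 0.0.0.0 0.0.0.0
! wildcard is what lets a peer with an unknown, DHCP-assigned address
! authenticate. Any host that knows this key can complete Phase 1, so the key
! must be long and random, and its use should be monitored on the router.
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key REPLACE-WITH-STRONG-PSK address 0.0.0.0 0.0.0.0
!
! Phase 2 transform set.
crypto ipsec transform-set L2L-SET esp-aes 256 esp-sha-hmac
!
! Dynamic crypto map: deliberately no "set peer" and no "match address",
! because the PIX's address is not known in advance. The router learns the
! peer and the protected networks from the PIX's proposal, which is exactly
! why the router can only answer and never initiate this tunnel.
crypto dynamic-map DYNMAP 10
 set transform-set L2L-SET
!
! Static crypto map that hands unmatched peers to the dynamic map.
crypto map OUTSIDE-MAP 10 ipsec-isakmp dynamic DYNMAP
!
interface Ethernet0/0
 description inside LAN 10.0.0.0/24 (assumed)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Ethernet0/1
 description outside, static public address (assumed)
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
 crypto map OUTSIDE-MAP
!
! NAT exemption: the deny entry keeps 10.0.0.0/24 -> 10.1.0.0/24 traffic out
! of NAT so it reaches the tunnel with its private source address intact;
! the permit entry overloads all other inside traffic onto the outside address.
access-list 110 deny   ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
ip nat inside source list 110 interface Ethernet0/1 overload
!
ip route 0.0.0.0 0.0.0.0 192.0.2.254
```

Once the PIX brings the tunnel up, `show crypto isakmp sa` and `show crypto ipsec sa` on the router show the negotiated peer address and the 10.0.0.0/24 and 10.1.0.0/24 proxy identities, and `show ip nat translations` should contain no entries for flows toward 10.1.0.0/24. The order of the two access-list 110 lines matters: if the permit line came first, site-to-site traffic would be translated and would never match the tunnel.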
