PIX 506e Policy NAT - VPN - Routing Problem?
Posted on 2006-07-06
Need to know if the following is possible:
We have a PIX 506e and need a VPN tunnel to a remote site that has a Checkpoint FW. We are accessing the remote site, which in turn routes us through a tunnel to another site's custom software.
PIX 506e --> | Checkpoint --> Some FW | --> Remote Software
10.5.1.x --> 10.x.x.x 159...
policy NAT Peer
We did a Policy NAT on our PIX from a 10.5.1.x to 192.168.250.x. This is not a problem, as we have encountered other situations where we have had to do Policy NATs for other clients where the internal networks were on the same subnet. Here's the problem: the peer network is a 159.135.12.x, and the PIX won't allow us to enter an external IP address as the peer network or as part of the policy NAT. When we try to enter the IP, it says the IP is incorrect.
Is there a workaround to use the external address space as the peer network? Note the remote site uses custom software with a dedicated connection with the 159.135.12.x.