PIX to PIX VPN With a Cisco 2650 Router

Hello all:

I'm going to be setting up a network using the following devices: Cable Modem (1st), Cisco 2650 Router (2nd), and Cisco PIX 501 (3rd).  Currently, the cable modem is connected to the PIX and I have a PIX to PIX VPN already established from my work to home and it works fine.  I'm going to add a router to the mix at home so I can route to other networks between the PIX and router but I have no idea how to set this up.  Would someone be willing to give me some configuration examples?  Thanks very much.

John Meggers (Network Architect) commented:
Your problem is going to be public IP space.  Do you have a single IP address or more than one?  If you have a single address, you will need to NAT on the 2650 and pass the VPN traffic through to the PIX to complete the tunnel.  If you have multiple addresses that can be subnetted (probably unlikely), you may be able to use public address space on the 2650.  But I doubt that's likely.  If you have more than one address but can't subnet off a group, then you'll still NAT on the 2650, but you will be able to assign a different address to NAT to the PIX.  You will want to no-NAT all your traffic on the PIX.

If we understand more about your specific situation, we can get more specific with the configs.

Music_Man608 (Author) commented:
I only have one public IP address from my ISP.  Is there somewhere I can send my configs to?  I don't want to show the world but I wouldn't mind showing the expert.  Thanks.

Music_Man608 (Author) commented:
Ok, I just tried to set up the Router and the PIX together.  It was a disaster.  I've attached the test files if someone would be so kind as to tell me what I did wrong.  Thanks a bunch.

John Meggers (Network Architect) commented:
My suspicion is the PIX is NATing traffic to another private address (10.42.42.x) and the Cisco is trying to route that to the Internet.  The ISP won't accept that.  You need to NAT at the Cisco router, which you've started but is incomplete.  My suggestion would be to no-nat traffic on the PIX (use NAT 0) and then NAT on the Cisco to the public IP address you have from the ISP.  On the PIX, remove the existing NAT and GLOBAL commands and configure "nat (inside) 0 0 0".  On the Cisco what you've missed is you have to specify what's getting NATed, not just what the inside and outside interfaces are.

access-list 1 permit any
ip nat inside source list 1 interface ethernet0/0 overload
Question has a verified solution.
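
The gap pointed out in the last answer (interfaces marked for NAT but nothing selected for translation) can be checked mechanically before a config is loaded. The following is an added example, not part of the original thread: a small Python check that reads an IOS config and reports an incomplete NAT setup. The inside interface name `Ethernet0/1`, its address, and the function name `audit_nat` are assumptions, and the check only understands numbered access lists and the `interface ... overload` form shown above.

```python
import re

def audit_nat(config):
    """Return findings for the NAT part of an IOS config (empty list = consistent)."""
    roles, acls, rules, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends the interface block
            current = None
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
            roles[current] = set()
        elif (m := re.fullmatch(r"ip nat (inside|outside)", line)) and current:
            roles[current].add(m.group(1))
        elif m := re.match(r"access-list\s+(\d+)\s+(?:permit|deny)\b", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip nat inside source list\s+(\S+)\s+interface\s+(\S+)", line):
            rules.append(m.groups())
    marked = {r for s in roles.values() for r in s}
    findings = [f"no interface is marked 'ip nat {r}'"
                for r in ("inside", "outside") if r not in marked]
    if not rules:
        findings.append("no 'ip nat inside source' rule: nothing is selected for translation")
    for acl, ifname in rules:
        if acl not in acls:
            findings.append(f"NAT rule references undefined access-list {acl}")
        if "outside" not in roles.get(ifname, set()):
            findings.append(f"NAT rule translates to {ifname}, which is not 'ip nat outside'")
    return findings

# Constructed sample configs; the inside interface name and its address are assumptions.
INCOMPLETE = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
!
interface Ethernet0/1
 ip address 10.42.42.1 255.255.255.0
 ip nat inside
"""
# The same config plus the two commands given in the answer.
COMPLETE = INCOMPLETE + """\
access-list 1 permit any
ip nat inside source list 1 interface ethernet0/0 overload
"""

if __name__ == "__main__":
    print(audit_nat(INCOMPLETE), audit_nat(COMPLETE))
```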