  mikeeo Premium join:2000-03-12 Newark, DE
| reply to VVSneakEh Re: PIX 515 - Private T1, Public IP
said by VVSneakEh: Hello All, A new customer will be using a dedicated/private T1 to connect to our DCs. The T1 is coming over another Cisco router and that router will be connected to one of the PIX's interfaces. The customer has indicated that it is policy to use ONLY public IP addresses when connecting to business partners. I can understand this policy, what if two customers are using the same non-routable private IPs.. etc etc. My question is, how should I go about using a public IP address for a private connection? Also, I'm sure other customers will have the same policy, but over an IPsec VPN. Would I have to do some fancy 1:1 NATting and aliasing or something along those lines? Cheers

What level engineer are you? Do you have any senior engineers that can handle this issue?
You can't do destination NAT and crypto on the same interface without doing some funky configuration. |
|
  VVSneakEh
join:2003-02-17 Toronto, ON
| It's me and another guy, who is at my level or a little lower. We are actively looking for someone to help make this work, with potentially being called upon again as the project moves on.. we're running out of time though.
I've always found great resources/help here, so I thought asking some questions would be a good idea.
Also as an FYI, we just passed our SAS70 audit for the year.. this new stuff is going to have to pass the next one |
|
 aryoba Premium,MVM join:2002-08-22
| reply to mikeeo
said by mikeeo: What level engineer are you? Do you have any senior engineers that can handle this issue?
said by VVSneakEh: It's me and another guy, who is at my level or a little lower. We are actively looking for someone to help make this work, with potentially being called upon again as the project moves on.. we're running out of time though. I've always found great resources/help here, so I thought asking some questions would be a good idea.

So far the network design sounds pretty much straightforward, although there might be some funky stuff coming into play. This is the reason why I ask if the customer has any specific implementation in mind, or if they are pretty much open to any implementation as long as it works? |
|
  VVSneakEh
join:2003-02-17 Toronto, ON
| said by aryoba: This is the reason why I ask if the customer has any specific implementation in mind, or if they are pretty much open to any implementation as long as it works?

They essentially sent a spreadsheet asking for the tunnel specifics, the VPN router IP and the "interesting traffic" range/IPs.
I filled it out and then noticed at the bottom of the page, saying "Security Policies require public routable addresses to be used when communicating to Business Partners. Private Address space cannot be used."
This leads me to believe that I have the ability to "just make it work", I just can't have any private IPs as the destination range on our end of the tunnel. |
|