How to pass IPSec VPN tunnel through the Astaro - DNAT, NAT-T and?

Looking for an Astaro config example that shows how to allow an IPSec VPN tunnel from the outside (Internet) (from a PIX) through the Astaro to a Cisco Router on the inside of the Astaro - so the Astaro will be allowing NAT traversal and doing a static NAT of an outside IP (the IPSec tunnel endpoint) to the inside IP of the Cisco Router.
 
Here's the topology:
 
(PIX515E Firewall Cluster)I [IPSec tunnel] ------> Internet {to remote site} ------> (Cisco 2600 Internet Screen router)----->I(ASTARO (NATs I to P for IPSec tunnel endpoint)P------> [IPSec tunnel] P(Cisco 2800 Inside router)

I= Internet IP
P=Private IP


I've tried DNAT and adding rules to allow ESP, ISAKMP and UDP 4500 but still can't get the tunnel up through the Astaro.
Do I need to SNAT the Cisco 2800 private IP of the tunnel endpoint to a public outside Astaro IP as well?

I want the tunnel endpoint to be a different public address than the Astaro's outside public IP - but in the same subnet. The 2600 screen router provides a routed connection to the internet - with my public IP space behind it.

Is there a config guide for passing an IPSec VPN tunnel through the Astaro?


Thanks for any guidance.

Barry Knuth

