Cisco firewall PIX8.0 L2LVPN address overlap test

I. Overview:

After testing ASA8.4 's twice NAT solves the problem of duplication of VPN addresses, and the Internet does not conflict with the internal host, so want to see if the lower version of the Asa/pix can solve the same problem, In the GNS simulation PIX8.0 test, let a person very disappointed, although the PIX can solve the problem of address overlap, but also make the network behind is unable to connect the public network, the reason is actually similar to the router, can not adjust the priority of static NAT, after configuring static NAT, all access to public network traffic is also static NAT , leading to the inability to get on the public net. PIX If the router is configured with L2L VPN, it is possible to solve the problem of address overlap and public network by routers, this is actually similar to the previous test of the two routers to establish L2L VPN solution, but still recorded, at least to revisit the PIX Configuration VPN command.

Two. Basic ideas:

A.pix can not reduce the priority of static NAT, configure static NAT to solve the problem of address overlap, but also make the intranet can not be on the public network.

B. Solve the problem of address overlap and simultaneous public network by establishing a VPN-side router with PIX.

Three. Test topology:

Four. Basic configuration:

A. Headquarters Server Router:

Interface ethernet0/0

IP address 10.1.1.2 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 10.1.1.1

B. Headquarters PIX Firewall:

Interface E0

IP address 10.1.1.1 255.255.255.0

Nameif Inside

No shut

Interface E1

IP address 202.100.1.1 255.255.255.0

Nameif Outside

No shut

Route outside 0.0.0.0 0.0.0.0 202.100.1.10

C.internet Router:

Interface ethernet0/0

IP address 202.100.1.10 255.255.255.0

No shut

Interface ETHERNET0/1

IP address 202.100.2.10 255.255.255.0

No shut