Section 5.0: IPSec/PPTP Configuration
5.1. IPSec LAN-to-LAN Router-to-VPN3000
Configure a LAN-to-LAN IPSec tunnel between R2 and the VPN3000 concentrator.
The VPN3000 concentrator is behind R1. Configure the default route to R1.
Configure Loopback1 on R2 with 192.168.2.1/24.
The IPSec tunnel is to protect the VPN3000 concentrator and R2 networks on 172.16.1.0/24 to 172.16.2.0/24, respectively.
Configure preshared authentication with all other parameters as appropriate.
The tricky part is that the VPN3000 concentrator should not peer to R2 with IP address 175.1.2.2.
You need to configure bidirectional NAT on PIX for R2 IP 175.1.2.2 to an IP in VLAN3:
pixfirewall(config)# show static static (inside,outside) 175.1.2.5 10.1.1.1 netmask 255.255.255.255 ...
Get CCIE Security Practice Labs now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.