I don't know of any way to make this work without some changes to your
network. IPSec will have problems creating security associations between
the two networks, as the endpoint will be the Internet routable IP and not
the PIX. I assume you are doing some sort of network address translation
on your home router.

Or, is it case of you not being able to do that because the Cisco 827 is
providing both the DSL connection and NAT ?

If I were you I'd reconfigure the Cisco 827 to act as a DSL Bridge instead
of a DSL router, and move the NAT to the PIX. Your VPN will work then.

Another option is to install the Cisco VPN client on the PC at home, and
use that client to connect through your existing network to the PIX, but
that might not be what you're looking for as it would only provide VPN to
one host.

Also keep in mind that all of the other routers in your companies network
will need to know how to get to your subnet if you are joining the two
networks through the PIX (else, you won't be able to route to them.)


On Mon, 13 Mar 2006, Greg wrote:

> Hello,
> I have a PIX at home and would like to connect via site to site VPN
> to the PIX at work which I also maintain.
> The problem I think I may run into is I have a private network between the
> internet router and my internal home PIX. The segment between the internet
> router and the internal PIX is, the outside interface of the
> PIX is numbered

J. Adams http://www.retina.net/~jna

firewall-wizards mailing list