
After Tunnel Ends, Need to NAT and Forward Packets

shiprider
Level 1

Hi Everyone:

This is my second post; I desperately need to know whether or not what I'm attempting is even possible.

I have a Pix into which both remote access and site-to-site tunnel sessions terminate (via RAN and Outside interfaces).

Users are currently able to access resources directly connected to the PIX (e.g. servers in the DMZ).

I now want to give said users access to a remote office. For this, I want to forward packets out another interface (call it RAN2) to an IPSEC router that starts a new tunnel across the internet.

The trick is, I want to overload NAT (PAT) all forwarded packets so their source address becomes RAN2's address. This would simplify the crypto ACL on the IPSEC router (and its remote peer) as we wouldn't have to contend with multiple addresses (ip local pools, private LAN addresses from the PIX).

I'm challenged on how to configure the NAT global pair in the PIX to effect the NAT. E.g. the following doesn't work:

nat (ran) 5 pool_subnet 255.255.255.0

nat (outside) 5 pool2_subnet 255.255.0 //the pix coughs at this

global (ran2) 5 interface //I've tried with actual IP address as well.

Any assistance would be greatly appreciated.

2 Replies

ssoberlik:

Thanks for the response. That's what I eventually ended up doing. Only downside, too many statics... but it works.

Regards
