NAT before IPSEC

Unanswered Question
Jun 21st, 2007
User Badges:


Is it possible on a PIX 6.3 , to have the source address translated before the frame would be encapsulated in an IPSec tunnel ?

If yes, how you do it ?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 06/21/2007 - 04:45
User Badges:
  • Blue, 1500 points or more

yes. create your NAT statements how you normally would. then, configure your crypto ACL's to match the newly NAT'ed addresses instead of the actual IP's.

you can also use policy nat for you ipsec tunnels, but I dont know the details of your setup so I can't say if that's what you'd need or not.


This Discussion