NAT before IPSEC

Unanswered Question
Jun 21st, 2007


Is it possible on a PIX 6.3 , to have the source address translated before the frame would be encapsulated in an IPSec tunnel ?

If yes, how you do it ?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 06/21/2007 - 04:45

yes. create your NAT statements how you normally would. then, configure your crypto ACL's to match the newly NAT'ed addresses instead of the actual IP's.

you can also use policy nat for you ipsec tunnels, but I dont know the details of your setup so I can't say if that's what you'd need or not.


This Discussion