I'm trying to set up a VPN to allow a business partner access to our network. The problem is that the partner uses the same private address space as we do.
I'm trying to figure out how to translate (NAT) their internal address to a different address as the packets come out of the VPN tunnel.
There is a Visio doc attached that shows "US" and "THEM". The "THEM" side does not use real IPs; I made this drawing because I'm getting an example set up in a lab environment, so I picked random numbers for the "THEM" IPs.
The PC(s) from the partner need access to two PCs on my side. I got it working to the point that the VPN tunnel comes up between the two PIX501s, and translated the destination IP into a private IP, but I need help translating the remote source IPs into private IPs.
Here's some output from the PIX on the "US" side (my side).
Inbound ICMP echo request (len 32 id 2 seq 44033) 10.150.100.100 > 216.x.x.x > 10.220.2.10
The source of the packet is sent to the 216.x.x.x address then translated to its real internal address of 10.220.2.10. I need to translate the 10.150.100.100 address to something else, so it doesn't mess up my network. Ideas? I'm a PIX n00b. Thanks in advance.
Sorry, I don't have Visio on my home PC, but if you want to translate the source IP address of the incoming packets, e.g. translate 10.150.100.100 to 192.168.5.10:
static (outside,inside) 192.168.5.10 10.150.100.100 netmask 255.255.255.255
If you need to do a pool of source addresses you could do
nat (outside) 3 10.150.100.0 255.255.255.0 outside
global (inside) 3 192.168.5.10
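
The following Python check is an added example, not code from the thread. It goes beyond the single-host static above to a whole-subnet 1:1 mapping, verifies that the mapped range does not collide with local address space, and builds the `static` line in the same form as the answer. The function names, the 192.168.5.0/24 mapped range and the `LOCAL_NETS` value are assumptions for illustration.

```python
import ipaddress

def plan_outside_nat(remote_net, mapped_net, local_nets):
    """Validate a 1:1 subnet mapping for partner sources and build the static line."""
    remote = ipaddress.ip_network(remote_net)
    mapped = ipaddress.ip_network(mapped_net)
    if remote.prefixlen != mapped.prefixlen:
        raise ValueError("remote and mapped ranges must be the same size")
    for net in map(ipaddress.ip_network, local_nets):
        # The mapped range is what inside hosts will see and route back to,
        # so it must not collide with anything already in use locally.
        if mapped.overlaps(net):
            raise ValueError(f"mapped range {mapped} overlaps local {net}")
    # True when the partner's real range collides with ours, i.e. NAT is required.
    needs_nat = any(remote.overlaps(ipaddress.ip_network(n)) for n in local_nets)
    line = (f"static (outside,inside) {mapped.network_address} "
            f"{remote.network_address} netmask {remote.netmask}")
    return {"needs_nat": needs_nat, "config": line}

def translate(src, remote_net, mapped_net):
    """Address an inside host sees for partner source `src` under the net static."""
    remote = ipaddress.ip_network(remote_net)
    mapped = ipaddress.ip_network(mapped_net)
    host = ipaddress.ip_address(src)
    if host not in remote:
        raise ValueError(f"{host} is not in {remote}")
    # A net static keeps the host part and swaps only the network part.
    offset = int(host) - int(remote.network_address)
    return str(mapped.network_address + offset)

# Constructed sample values: the partner range follows the thread's lab address;
# MAPPED and LOCAL_NETS are assumptions for the "US" side.
REMOTE = "10.150.100.0/24"
MAPPED = "192.168.5.0/24"
LOCAL_NETS = ["10.0.0.0/8"]

if __name__ == "__main__":
    plan = plan_outside_nat(REMOTE, MAPPED, LOCAL_NETS)
    print(plan["config"])
    print(translate("10.150.100.100", REMOTE, MAPPED))
```

With a subnet-wide static the host portion is preserved, so 10.150.100.100 appears inside as 192.168.5.100 rather than the 192.168.5.10 chosen in the host static above.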