I have a situation that requires me to NAT the source IPs that are coming through a VPN connection.
My setup is as such:
A PIX501 acting as a concentrator for 5-6 VPNs (IPSEC) into my network. Just ONE of those VPNs that terminates on the PIX needs to have its source IPs NATed to work on my network. The addresses coming across are 192.168.0.X and they need to be NATed to 192.168.4.X.
Now, I learned that I can use the following commands to take care of this problem (thanks jon.marshall):
global (inside) 3 192.168.4.17-192.168.4.31 netmask 255.255.255.0
global (inside) 3 192.168.4.16 netmask 255.255.255.255
nat (outside) 3 192.168.0.0 255.255.255.0 outside
From what I understand, the above statements will translate the addresses coming in through a VPN that are 192.168.0.0 to a 192.168.4.X address... 1 to 1 first, then overload the last address.
The above commands worked fine in a lab situation, where I had only 1 VPN set up between two PIXes. When we put the commands into the production environment, all the other VPNs died. When we took out the nat(outside) 3 .... command, everything started to work again, except of course the VPN that needed the NAT haha. Ideas?
Please note, the above commands are the ONLY commands that are global(inside) and nat(outside). Is there something that's missing? Do we need a nat(outside) 0 command of some sort maybe? Thanks in advance!