Problem with VPN by ASA 5505 and PIX 501

Unanswered Question
Oct 26th, 2007
User Badges:


I have this scenario: Firewall ASA 5505, Firewall Pix 501 (with CatOS 6.3(5) ).

I have configured this appliance for Easy VPN (server is ASA) and PIX, and remote Access with Cisco client vpn (for internal lan ASA).

When i configure the ASA i have this problem, when i configure nat for easy vpn.

This is my nat configuration:

nat (inside) 0 access-list 100

nat (inside) 1

nat (inside) 1

nat (inside) 0 outside

when i put this command:

nat (inside) 0 access-list no-nat

this command is necessary for configuration of easy vpn, but the previous nat:

nat (inside) 0 access-list 100

is replace with the latest command.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
owillins Thu, 11/01/2007 - 11:41
User Badges:
  • Silver, 250 points or more

To identify addresses on one interface that are translated to mapped addresses on another interface, use the nat command in global configuration mode. This command configures dynamic NAT or PAT, where an address is translated to one of a pool of mapped addresses. To remove the nat command, use the no form of this command.

For regular dynamic NAT:

nat (real_ifc) nat_id real_ip [mask [dns] [outside] [udp udp_max_conns] [norandomseq]]

no nat (real_ifc) nat_id real_ip [mask [dns] [outside] [udp udp_max_conns] [norandomseq]]

For policy dynamic NAT and NAT exemption:

nat (real_ifc) nat_id access-list access_list_name [dns] [outside] [udp udp_max_conns] [norandomseq]

no nat (real_ifc) nat_id access-list access_list_name [dns] [outside] [udp udp_max_conns] [norandomseq]


This Discussion