PIX - Nat on Destination Before Entering Tunnel IPsec

Unanswered Question
Jan 18th, 2008

Hi all,

I need to offer a service to a remote client via a VPN crossing the Internet. In order to avoid overlapping private networks I need to NAT the remote client's private network, but I only have control over my PIX 535 v7.0.7 (the remote device is unknown and not managed by us).

The communication is started from an internal server on my side using a pre-defined NATted IP, so I need to translate back to the real IP prior to putting traffic inside the tunnel.

I read here http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml that it is possible to use a policy-nat with a static statement in order to apply NAT to IPsec traffic, but it seems possible only for source NAT.

How can I apply the same mechanism in order to NAT the destination? Could you point me to some examples?

Thanks a lot


didyap Thu, 01/24/2008 - 11:21

You can use the following example to configure NAT for your network:




translated networkA in routerA:

translated networkB in routerB:

routerA statements:

ip nat inside source static network /24

ip route

routerB statements:

ip nat inside source static network /24

ip route
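
The destination translation asked about in the question, sketched for PIX 7.0 as an added example that is not part of either post above: an outside static makes the remote network reachable from the inside under an alias range. All addresses, the ACL name and the crypto map name and sequence number are constructed for illustration.

```text
! Constructed addresses (assumptions, not from the thread):
!   172.16.5.0/24    local inside network holding the initiating server
!   192.168.10.0/24  remote client's real private network behind the tunnel
!   10.99.10.0/24    alias range the local server uses for the remote network
!
! Outside static: the real remote network 192.168.10.0/24 (on the outside)
! is presented to the inside as 10.99.10.0/24. A packet from the inside
! addressed to 10.99.10.x has its destination rewritten to 192.168.10.x,
! and return traffic is mapped back to the alias.
static (outside,inside) 10.99.10.0 192.168.10.0 netmask 255.255.255.0
!
! The crypto ACL is written with the remote network's real addresses,
! on the assumption that the destination is un-translated before the
! crypto map match on the outside interface. The source is left
! untranslated here; if inside hosts are also NATted toward the peer,
! the source in this ACL must be the translated range instead.
access-list VPN-REMOTE extended permit ip 172.16.5.0 255.255.255.0 192.168.10.0 255.255.255.0
!
! Hypothetical crypto map name and sequence number.
crypto map OUTSIDE-MAP 10 match address VPN-REMOTE
```

After sending test traffic from the inside server to an alias address, `show xlate` should list the outside static and `show crypto ipsec sa` should show the real remote network as the remote identity, with the encapsulated packet counter increasing.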

