Configuration possible with 3020 and PIX501?

Unanswered Question

I'm trying to setup a VPN configuration with a company that has a 3020 Concentrator and we have a PIX501.

We currently use PAT for all communications with the outside world (except with a few servers that have their own dedicated IPs, which we NAT). When traveling over the VPN tunnel to the 3020, I'd like our hosts to NAT to an address range that is internal to the remote network (they've requested this). Is it possible to set this up?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Mon, 02/11/2008 - 09:43

I don't know if that would work or not. On both sides your source and destination networks for the VPN would be the same then, and you might get some undesirable results.

You could NAT your network to some other network though that they weren't using on their side, and that wouldn't be a problem. To do this, you would create some sort of policy nat statement using an ACL. Then for your crypto ACL, you just match on traffic from the nat'ed (global) address space.


This Discussion