PIX Lan-2-Lan with Nat

Unanswered Question
Feb 25th, 2008

Recently, we have been trying to set up an L2L connection to a vendor. We are in the 192.168.1.0 network but the vendor is in the 10.10.100.0 subnet. Because the vendor doesn't want to route my 192.168.1.0 network in their network, they want us to translate our subnet (192.168.1.0) to 10.10.11.0/24 before sending it into the tunnel. We have a PIX dedicated to this vendor with two interfaces (inside and outside), and it is running PIX 6.3(4) code. I've set up LAN-to-LAN VPNs on a PIX before, but I always see a NAT 0 command line, which disables NAT.

What do I need to do to accomplish this (enable NAT in an L2L VPN) on my PIX?

Local subnet: 192.168.1.0/24 -> needs to translate to 10.10.11.0

Issue: Vendor wants us to translate our subnet (192.168.1.0) to 10.10.11.0/24 before sending into tunnel.

Remote Subnet: 10.10.100.0/24


srue Mon, 02/25/2008 - 16:51

access-list L2L_NAT permit ip 192.168.1.0 255.255.255.0 10.10.100.0 255.255.255.0

nat (inside) 5 access-list L2L_NAT

global (outside) 5 10.10.11.1-10.10.11.254


Your crypto map ACL will look like the above ACL also.


Keep in mind, the remote side will not be able to reliably initiate connections to your side because of the dynamic NAT situation this creates.

Is this an issue for you?
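
An added example, not part of the original posts: a fuller PIX 6.3 configuration built around the policy NAT lines above. The PIX translates a packet before it evaluates the crypto map, so the crypto ACL here matches the translated 10.10.11.0/24 source. The names L2L_CRYPTO, L2L_SET and L2L_MAP, the <VENDOR_PEER_IP> and <PRE_SHARED_KEY> placeholders, and the IKE/IPsec parameters are assumptions that have to match what is agreed with the vendor.

```cisco
: --- Policy NAT: translate 192.168.1.0/24 only when the destination is the vendor ---
access-list L2L_NAT permit ip 192.168.1.0 255.255.255.0 10.10.100.0 255.255.255.0
nat (inside) 5 access-list L2L_NAT
global (outside) 5 10.10.11.1-10.10.11.254

: Alternative to the nat/global pair (assumption: the vendor must be able to
: initiate connections, so a fixed 1:1 policy static is used instead):
: static (inside,outside) 10.10.11.0 access-list L2L_NAT

: --- Crypto ACL: matches the post-NAT source, which is all the vendor ever sees ---
access-list L2L_CRYPTO permit ip 10.10.11.0 255.255.255.0 10.10.100.0 255.255.255.0

: --- IKE phase 1 (parameters are assumptions; both peers must agree) ---
isakmp enable outside
isakmp key <PRE_SHARED_KEY> address <VENDOR_PEER_IP> netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

: --- IPsec phase 2 and crypto map ---
crypto ipsec transform-set L2L_SET esp-aes-256 esp-sha-hmac
crypto map L2L_MAP 10 ipsec-isakmp
crypto map L2L_MAP 10 match address L2L_CRYPTO
crypto map L2L_MAP 10 set peer <VENDOR_PEER_IP>
crypto map L2L_MAP 10 set transform-set L2L_SET
crypto map L2L_MAP interface outside

: Let decrypted tunnel traffic bypass the outside interface ACL check
sysopt connection permit-ipsec

: --- Checks after sending test traffic to 10.10.100.0/24 ---
: show xlate             -> 192.168.1.x hosts mapped to 10.10.11.x addresses
: show crypto isakmp sa  -> phase 1 established with the vendor peer
: show crypto ipsec sa   -> local ident 10.10.11.0/255.255.255.0, encaps counters rising
```

No `nat (inside) 0` exemption is configured for this traffic, since an exemption would send the untranslated 192.168.1.0/24 source into the tunnel.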
