Nat question using PIX 506E

Mar 9th, 2008

Hi,

I have a PIX configured with 2 tunnels

IPsec LAN-to-LAN to 2 different sites


I have 2 ACLs. I want traffic from 10.10.10.0 going to 192.168.20.0 to take my first tunnel

access-list 101 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0

(Traffic goes to site # 1)

and

when the same traffic from 10.10.10.0 goes to 172.26.46.0, it takes my tunnel # 2

access-list 102 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0


I have configured the crypto map OK. Now, if I want to apply NAT on my inside interface:

nat (inside) 0 access-list 101


I cannot have both statements applied there

I mean

nat (inside) 0 access-list 101

nat (inside) 0 access-list 102


How can I fix it please?

brettmilborrow Mon, 03/10/2008 - 01:49

Hi,


Try creating a new access list that contains both lines, e.g.:


access-list 111 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0

access-list 111 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0

nat (inside) 0 access-list 111


Good luck!

gargravarr Tue, 03/11/2008 - 08:48

Configure 1 nat statement for NAT 0:

access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0

access-list nonat permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0

nat (inside) 0 access-list nonat

Add an access-list for each tunnel so you can match against them in the crypto map:


access-list tunnel1 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0

access-list tunnel2 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0

use the

crypto map "map name" "seq number 10" match address tunnel1

crypto map "map name" "seq number 10" set peer "peerfortunnel1"

etc

crypto map "map name" "seq number 11" match address tunnel2

crypto map "map name" "seq number 11" set peer "peerfortunnel2"

etc
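
Added example, not part of any post in this thread: a Python check that every crypto map match ACL entry is also covered by the single nat 0 ACL, which catches a tunnel left out of NAT exemption or a mistyped subnet. The map name vpnmap, the sample config and the last-statement-wins handling of repeated nat 0 lines are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of the thread; "vpnmap" is a hypothetical map name.
# tunnel2 carries a deliberate one-octet typo (172.16 instead of 172.26).
SAMPLE = """
access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list nonat permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list tunnel1 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list tunnel2 permit ip 10.10.10.0 255.255.255.0 172.16.46.0 255.255.255.0
crypto map vpnmap 10 match address tunnel1
crypto map vpnmap 11 match address tunnel2
"""
ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")
MATCH_RE = re.compile(r"^crypto map \S+ (\d+) match address (\S+)$")

def parse(config):
    """Collect ACL entries, nat 0 ACL names and (seq, ACL) crypto map bindings."""
    acls, nat0, crypto = {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            # ip_network raises ValueError on a malformed mask such as 255.255.255.9
            src = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            dst = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            acls.setdefault(m[1], []).append((src, dst))
        elif m := NAT0_RE.match(line):
            nat0.append(m[1])
        elif m := MATCH_RE.match(line):
            crypto.append((int(m[1]), m[2]))
    return acls, nat0, crypto

def audit(config):
    """Return findings for repeated nat 0 lines and tunnel traffic not exempt from NAT."""
    acls, nat0, crypto = parse(config)
    findings = []
    if len(nat0) > 1:
        findings.append(f"multiple nat 0 ACLs {nat0}: merge them into one ACL")
    # Assumption: when nat 0 is entered more than once, only the last ACL is in effect.
    exempt = [pair for name in nat0[-1:] for pair in acls.get(name, [])]
    for seq, name in crypto:
        for src, dst in acls.get(name, []):
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
                findings.append(f"seq {seq} ACL {name}: {src} -> {dst} not in nat 0 ACL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all tunnel traffic is NAT-exempt")
```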





