Nat question using PIX 506E

Unanswered Question
Mar 9th, 2008


I have a Pix configured with 2 Tunnels

IPsec LAN-to-LAN to 2 different sites

I have 2 ACLs. I want that when traffic goes to takes my first tunnel

access-list 101 permit ip

(Traffic goes to site # 1)


when same traffic goes to take my tunnel # 2

access-list 102 permit ip

I have configured the crypto map OK. Now if I want to apply NAT on my inside int

nat (inside) 0 access-list 101

I cannot have both statements applied there

I mean

nat (inside) 0 access-list 101

nat (inside) 0 access-list 102

How can I fix it please?

brettmilborrow Mon, 03/10/2008 - 01:49


Try creating a new access list that contains both lines, e.g.:

access-list 111 permit ip

access-list 111 permit ip

nat (inside) 0 access-list 111

Good luck!

gargravarr Tue, 03/11/2008 - 08:48

Configure 1 nat statement for NAT 0:

access-list nonat permit ip

access-list nonat permit ip

nat (inside) 0 access-list nonat

Add an access-list for each tunnel so you can match against them in the crypto map:

access-list tunnel1 permit ip

access-list tunnel2 permit ip

use the

crypto map "map name" "seq number 10" match address tunnel1

crypto map "map name" "seq number 10" set peer "peerfortunnel1"


crypto map "map name" "seq number 11" match address tunnel2

crypto map "map name" "seq number 11" set peer "peerfortunnel2"
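An added example, not code from any poster in this thread: a Python check that reads PIX-style config text and reports more than one `nat (inside) 0 access-list` line, plus any crypto map ACL entry that the NAT 0 ACL does not cover. The addresses, the map name `vpn`, and the rule that only the last NAT 0 line counts are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

ACL = re.compile(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)$")
CMAP = re.compile(r"crypto map (\S+) (\d+) match address (\S+)$")

def parse(config):
    """Collect ACL entries, NAT 0 bindings per interface, crypto map ACLs."""
    acls, nat0, cmaps = defaultdict(list), defaultdict(list), []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls[name].append((ip_network(f"{src}/{smask}"), ip_network(f"{dst}/{dmask}")))
        elif m := NAT0.match(line):
            nat0[m.group(1)].append(m.group(2))
        elif m := CMAP.match(line):
            cmaps.append((m.group(1), int(m.group(2)), m.group(3)))
    return acls, nat0, cmaps

def audit(config, interface="inside"):
    """Return findings: duplicate NAT 0 lines and tunnel traffic not exempted."""
    acls, nat0, cmaps = parse(config)
    bound, findings = nat0.get(interface, []), []
    if len(bound) > 1:
        findings.append(f"{len(bound)} NAT 0 ACLs on {interface}; merge into one")
    # Assumption: only the last NAT 0 ACL bound to the interface is in effect.
    exempt = [e for name in bound[-1:] for e in acls.get(name, [])]
    for cmap, seq, acl in cmaps:
        for src, dst in acls.get(acl, []):
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
                findings.append(f"{cmap} {seq}: {src} -> {dst} ({acl}) not exempt from NAT")
    return findings

# Constructed sample configs (addresses and map name are placeholders).
NET = "10.1.0.0 255.255.255.0"
COMMON = f"""
access-list 101 permit ip {NET} 10.2.0.0 255.255.255.0
access-list 102 permit ip {NET} 10.3.0.0 255.255.255.0
crypto map vpn 10 match address 101
crypto map vpn 11 match address 102
"""
BROKEN = COMMON + "nat (inside) 0 access-list 101\nnat (inside) 0 access-list 102\n"
FIXED = COMMON + f"""access-list 111 permit ip {NET} 10.2.0.0 255.255.255.0
access-list 111 permit ip {NET} 10.3.0.0 255.255.255.0
nat (inside) 0 access-list 111
"""
```

`audit(BROKEN)` reports the duplicate NAT 0 binding and the site 1 tunnel traffic left unexempted; `audit(FIXED)`, which uses the combined ACL 111 from the first reply, returns no findings.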


