Nat question using PIX 506E

Unanswered Question
Mar 9th, 2008
User Badges:
  • Community Spotlight Award,

    Spanish Member's Choice: May 2016


I have a Pix configured with 2 Tunnels

IPsec Lan-to-Lan to 2 differents sites

I have 2 ACL. I want that when traffic goes to takes my first tunnel

access-list 101 permit ip

(Trafic goes to site # 1)


when same traffic goes to take my tunnel # 2

access-list 102 permit ip

I have cofigured the crypto map ok now If I want apply nat on my the inside int

nat (inside) 0 access-list 101

I can not to have both statements apply there

I mean

nat (inside) 0 access-list 101

nat (inside) 0 access-list 102

How can I fix it please?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
brettmilborrow Mon, 03/10/2008 - 01:49
User Badges:


try creating a new access list that contains both lines: e.g:

access-list 111 permit ip

access-list 111 permit ip

nat (inside) 0 access-list 111

Good luck!

gargravarr Tue, 03/11/2008 - 08:48
User Badges:

configure 1 nat statement for NAT 0

access-list nonat permit ip

access-list nonat permi tip

nat (inside) 0 access-list nonat

add an access-list for each tunnel so you can match against them in the crypto map

access-list tunnel1 permit ip

acecss-list tunnel2 permit ip

use the

crypto map "map name" "seq number 10" match address tunnel1

crypto map "map name" "seq number 10" set peer "peerfortunnel1"


crypto map "map name" "seq number 11" match address tunnel2

crypto map "map name" "seq number 11" set peer "peerfortunnel1"



This Discussion