03-09-2008 10:05 PM
Hi,
I have a PIX configured with 2 IPsec LAN-to-LAN tunnels to 2 different sites.
I have 2 ACLs. I want traffic from 10.10.10.0 going to 192.168.20.0 to take my first tunnel:
access-list 101 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
(Traffic goes to site # 1)
and
when the same traffic from 10.10.10.0 goes to 172.26.46.0, to take my tunnel # 2:
access-list 102 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0
I have configured the crypto map OK. Now if I want to apply NAT on my inside int:
nat (inside) 0 access-list 101
I cannot have both statements applied there.
I mean
nat (inside) 0 access-list 101
nat (inside) 0 access-list 102
How can I fix it please?
03-10-2008 01:49 AM
Hi,
Try creating a new access list that contains both lines, e.g.:
access-list 111 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list 111 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0
nat (inside) 0 access-list 111
Good luck!
03-11-2008 08:48 AM
Configure 1 nat statement for NAT 0:
access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list nonat permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0
nat (inside) 0 access-list nonat
Add an access-list for each tunnel so you can match against them in the crypto map:
access-list tunnel1 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list tunnel2 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0
use the
crypto map "map name" "seq number 10" match address tunnel1
crypto map "map name" "seq number 10" set peer "peerfortunnel1"
etc
crypto map "map name" "seq number 11" match address tunnel2
crypto map "map name" "seq number 11" set peer "peerfortunnel2"
etc
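Added example, not part of the thread or any Cisco tooling: a small Python check that every network pair matched by a crypto map ACL is also covered by the single NAT 0 ACL on the interface, which is the consistency the replies above describe. The map name `vpnmap`, the peer addresses and the function names are placeholders, only plain `permit ip <net> <mask> <net> <mask>` entries are parsed, and keeping the last `nat 0` statement per interface is an assumption of this sketch.

```python
import ipaddress
import re

# Constructed config: addresses are the thread's; map name and peers are placeholders.
BROKEN = """\
access-list nonat permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list tunnel1 permit ip 10.10.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list tunnel2 permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map vpnmap 10 match address tunnel1
crypto map vpnmap 10 set peer 192.0.2.1
crypto map vpnmap 11 match address tunnel2
crypto map vpnmap 11 set peer 192.0.2.2
"""
# Same config with the second destination added to the single NAT 0 ACL.
FIXED = BROKEN + (
    "access-list nonat permit ip 10.10.10.0 255.255.255.0 172.26.46.0 255.255.255.0\n")

ACE = re.compile(r"access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)$")
MATCH = re.compile(r"crypto map \S+ (\d+) match address (\S+)$")

def parse(config):
    """Collect ACL entries, the NAT 0 ACL per interface, and crypto-map match ACLs."""
    acls, nat0, crypto = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
        elif m := NAT0.match(line):
            nat0[m.group(1)] = m.group(2)  # assumption: last statement per interface wins
        elif m := MATCH.match(line):
            crypto.append((int(m.group(1)), m.group(2)))
    return acls, nat0, crypto

def unexempted(config, interface="inside"):
    """Return (seq, src, dst) for tunnel traffic the NAT 0 ACL does not cover."""
    acls, nat0, crypto = parse(config)
    exempt = acls.get(nat0.get(interface), [])
    return [(seq, str(src), str(dst))
            for seq, acl in crypto
            for src, dst in acls.get(acl, [])
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt)]

if __name__ == "__main__":
    print("broken:", unexempted(BROKEN))
    print("fixed: ", unexempted(FIXED))
```

A mistyped mask in an ACL line makes `ipaddress.ip_network` raise `ValueError`, so the check also surfaces that kind of typo.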