NAT traffic between the IPsec VPN

Unanswered Question
Dec 24th, 2008


We are using a 515E firewall on which we have established a VPN without NATing the traffic between the existing VPN.

But now we have a requirement to NAT the traffic for the new VPN which we are trying to establish. Can you please suggest how I can deploy NAT for the new tunnel with the below running config?

The partial configuration is:

access-list 123 permit ip host

access-list 123 permit ip host

access-list 111 permit ip host

access-list 111 permit ip host

pager lines 24

logging on

logging console debugging

logging monitor debugging

logging buffered debugging

mtu outside 1500

mtu inside 1500

mtu dmz 1500

mtu gs-office 1500

mtu intf4 1500

mtu intf5 1500

ip address outside XX.137.0.50

ip address inside

ip address dmz XX.137.0.129

ip address gs-office

global (outside) 1 interface

nat (inside) 0 access-list 123

nat (inside) 1 0 0

nat (dmz) 0 access-list 121

nat (dmz) 1 0 0

nat (gs-office) 1 access-list 151 0 0

route outside 1

route inside 1

route inside xx.1.1.0 1

sysopt connection permit-ipsec

crypto ipsec transform-set dlf-M3UA-set esp-3des esp-md5-hmac

crypto map eplus-map 21 ipsec-isakmp

crypto map eplus-map 21 match address 111

crypto map eplus-map 21 set peer

crypto map eplus-map 21 set transform-set dlf-M3UA-set

crypto map eplus-map interface outside

isakmp key ******** address XXX.242.37.88 netmask

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

Here, for the new tunnel, I need to NAT the source IP. For example, source IP to through the tunnel

Please guide me on this.
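A sketch of PIX 6.3 policy NAT for one additional tunnel, added here as an example and not part of the original post or of any vendor-supplied configuration. It reuses the post's `eplus-map` and `dlf-M3UA-set` names; every address (RFC 1918 and RFC 5737 documentation ranges), ACL numbers 160 and 112, NAT id 2 and crypto map sequence 22 are constructed placeholders. The two points it shows: the new flow must stay out of the `nat 0` exemption list (ACL 123), and the crypto ACL must match the translated source, because NAT is applied before the crypto map is evaluated.

```text
!--- Placeholders (constructed, not from the post):
!---   real inside host        10.1.1.10
!---   translated source       192.0.2.10
!---   remote host             198.51.100.20
!---   new peer                203.0.113.1

!--- 1. Policy NAT ACL: matches the REAL source going to the new remote host.
!---    Do not add this flow to access-list 123, or "nat (inside) 0"
!---    exempts it and no translation happens.
access-list 160 permit ip host 10.1.1.10 host 198.51.100.20

!--- 2. Translate only that flow; NAT id 2 keeps it separate from the
!---    existing "nat (inside) 1 0 0" / "global (outside) 1 interface" pair.
nat (inside) 2 access-list 160
global (outside) 2 192.0.2.10

!--- 3. Crypto ACL: matches the TRANSLATED source, since the packet is
!---    already NATed when it is compared against the crypto map.
access-list 112 permit ip host 192.0.2.10 host 198.51.100.20

!--- 4. New sequence number on the existing crypto map; sequence 21 and
!---    its unNATed tunnel are left untouched.
crypto map eplus-map 22 ipsec-isakmp
crypto map eplus-map 22 match address 112
crypto map eplus-map 22 set peer 203.0.113.1
crypto map eplus-map 22 set transform-set dlf-M3UA-set

!--- 5. Pre-shared key for the new peer.
isakmp key <pre-shared-key> address 203.0.113.1 netmask 255.255.255.255
```

The remote end's crypto ACL has to mirror ACL 112, so it sees 192.0.2.10 as the source rather than the real inside address.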


