VPN with NAT on PIX

Unanswered Question
Dec 21st, 2009

Custom with PIX515E, IOS 7.0.7

I need to add a further site-to-site VPN.
In this case, however, our partner asks us not to present the private IP of the inside net, but a NATted one.
On our side, the whole LAN must participate in the VPN.
Configured and tried, but it doesn't work...

For another client, I have already set up a similar VPN, but in that case the inside LAN was a single host, with a static NAT.
In this case, I have a dynamic NAT of the whole net.

I have not found any documentation that covers this scenario; it seems that it works only with static NAT, also of the whole net, but always static.

Does anyone have any idea?


battanc Mon, 12/21/2009 - 09:26

I already know this document.

But in the example, a STATIC NAT is used for the whole LAN, 1:1.

I have only ONE IP for all the LAN, so how can I configure a static NAT? I believe I can't...


JORGE RODRIGUEZ Mon, 12/21/2009 - 11:25

You will have to PAT

One IP, say is public IP ( ), use it to PAT your inside LAN to connect to other tunnel LAN.

Other side LAN hosts say is and, create acl and add it to your crypto map policy for that tunnel.

access-list OTHER_L2L extended permit ip host
access-list OTHER_L2L extended permit ip host

global (outside) 2
nat (inside) 2 access-list OTHER_L2L
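
Added example, not part of the reply above and not taken from any poster's configuration: policy PAT for a site-to-site tunnel on PIX 7.x, hiding the whole inside LAN behind one address. Every address, the ACL names, the crypto map name and sequence number, the transform-set name and the pre-shared key are constructed placeholders (RFC 1918 and RFC 5737 ranges).

```cisco
! Assumed (constructed) values:
!   inside LAN            192.168.1.0/24
!   address shown to peer 198.51.100.10
!   partner LAN           10.20.0.0/24
!   partner VPN peer      203.0.113.2

! 1. Policy NAT match: inside LAN -> partner LAN only.
access-list POLICY_PAT extended permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0

! 2. PAT that traffic to the single agreed address (NAT ID 2 keeps it
!    separate from the normal Internet PAT on another ID).
global (outside) 2 198.51.100.10
nat (inside) 2 access-list POLICY_PAT

! 3. NAT is applied before the crypto map is checked, so the crypto ACL
!    must match the TRANSLATED source, not 192.168.1.0/24.
access-list CRYPTO_L2L extended permit ip host 198.51.100.10 10.20.0.0 255.255.255.0

! 4. New sequence entry in the crypto map already bound to the outside interface.
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address CRYPTO_L2L
crypto map OUTSIDE_MAP 20 set peer 203.0.113.2
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-SHA

tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <shared-secret>

! 5. Do NOT list this traffic in the "nat (inside) 0 access-list ..." exemption
!    ACL: NAT exemption is evaluated first and would send the real
!    192.168.1.x addresses, which then fail to match CRYPTO_L2L.

! Checks after generating traffic from an inside host:
!   show xlate              -> PAT entries using 198.51.100.10
!   show crypto ipsec sa    -> local ident 198.51.100.10/255.255.255.255,
!                              encaps/decaps counters increasing
```

Because PAT is many-to-one, only hosts on the inside LAN can open connections through this tunnel; the partner side cannot initiate sessions to individual inside hosts. The partner's crypto ACL has to mirror step 3, with the single translated address as the remote network.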


