VPN with NAT on PIX

battanc
Level 1

Custom with PIX515E, IOS 7.0.7

I need to add a further site-to-site VPN.
In this case, however, our partner asks us not to present the private IP of the inside net, but a NATted one.
On our side, it is all of our LAN that must participate in the VPN.
Configured and tried, but it doesn't work...

For another client, I have already made a similar VPN, but in that case the inside LAN was a single host, with a static NAT.
In this case, I have a dynamic NAT of the whole net.

I have not found any documentation that covers this scenario; it seems that it works only with static NAT - also of the whole net, but always static.

Does someone have some idea?

Thanks

3 Replies

JORGE RODRIGUEZ
Level 10

Hi, work with this doc as an example. Use policy NAT.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

Jorge Rodriguez

I already know this document.

But in the example a STATIC NAT has been used for the whole LAN, 1:1.

I have only ONE IP for all the LAN, so how can I configure a static NAT? I believe I can't.

Regards

You will have to PAT.

Take one IP, say the public IP is 10.20.20.20, and use it to PAT your inside LAN to connect to the other tunnel LAN.

Say the other side's LAN hosts are 172.16.10.10 and 172.16.10.11; create an ACL and add it to your crypto map policy for that tunnel.

access-list OTHER_L2L extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.10
access-list OTHER_L2L extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.11

global (outside) 2 10.20.20.20
nat (inside) 2 access-list OTHER_L2L

Regards

Jorge Rodriguez
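
The policy PAT suggested above, shown together with the crypto map entry for the tunnel, as an added example that is not part of the thread or of Cisco's documentation. It assumes PIX 7.x, where NAT is applied before the crypto ACL is evaluated, so the crypto ACL matches the translated address; the ACL names, crypto map name and sequence number, transform-set name and the peer address 192.0.2.1 are placeholders, and the ISAKMP policy and tunnel-group for the peer are assumed to exist already.

```cisco
! Added example for PIX 7.x. Names, sequence number and peer address are placeholders.

! 1. Policy PAT: match the real (pre-NAT) inside sources going to the partner hosts
!    and translate them to the single address the partner expects to see.
access-list POLICY_PAT_L2L extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.10
access-list POLICY_PAT_L2L extended permit ip 10.0.0.0 255.0.0.0 host 172.16.10.11
global (outside) 2 10.20.20.20
nat (inside) 2 access-list POLICY_PAT_L2L

! 2. Crypto ACL: NAT runs before the crypto map lookup, so the interesting
!    traffic is sourced from the translated address, not from 10.0.0.0/8.
!    The partner's crypto ACL must be the exact mirror of these entries.
access-list CRYPTO_L2L extended permit ip host 10.20.20.20 host 172.16.10.10
access-list CRYPTO_L2L extended permit ip host 10.20.20.20 host 172.16.10.11

! 3. Crypto map entry for this peer (192.0.2.1 is a documentation address).
crypto ipsec transform-set L2L_SET esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 20 match address CRYPTO_L2L
crypto map OUTSIDE_MAP 20 set peer 192.0.2.1
crypto map OUTSIDE_MAP 20 set transform-set L2L_SET
crypto map OUTSIDE_MAP interface outside

! 4. NAT exemption is evaluated before policy NAT. If a
!    "nat (inside) 0 access-list ..." rule exists, its ACL must not permit
!    10.0.0.0/8 to 172.16.10.10 or 172.16.10.11, otherwise the traffic
!    leaves untranslated and never matches CRYPTO_L2L.
```

After sending traffic from an inside host, `show xlate` should list a PAT entry on 10.20.20.20 and `show crypto ipsec sa` should show 10.20.20.20 as the local ident. Because this is dynamic PAT, only inside hosts can open connections through the tunnel; the partner cannot initiate sessions toward the LAN.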