On a PIX 515 6.3(5) I currently have an IPSec VPN configured with no-nat, using all public IPs internally and on the remote. Can I add two hosts to the encryption domain that have private IPs and NAT them to the public IP in the same crypto map? What commands would be involved in this?
access-list ipsectraffic_boston permit ip host PublicIP11 host PublicIP1
access-list ipsectraffic_boston permit ip host PublicIP22 host PublicIP2
access-list outside2_outbound_nat0_acl permit ip host PublicIP host PublicIP
crypto map mymap 305 match address ipsectraffic_boston
crypto map mymap 305 set peer IPAdd.
crypto map mymap 305 set transform-set ESP-3DES-SHA
crypto map mymap 305 set security-association lifetime seconds 86400 kilobytes 4608000
I'd like to add two private IPs to the "access-list ipsectraffic_boston" and have them NAT to a public IP, as the remote site is requesting I NOT use private IPs. Doing this would save the effort of adding a public IP to my internal host.
If, for example, you have an internal host 192.168.1.1 and you want to NAT it to public IP 184.108.40.206, you can do a static NAT:
static (in,out) 220.127.116.11 192.168.1.1
And include 18.104.22.168 in the crypto ACL.
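
The full set of PIX 6.3 commands for two private hosts, as an added example that is not part of the original posts. Assumptions: the interfaces are named inside and outside2, the private hosts are 192.168.1.1 and 192.168.1.2, 203.0.113.11 and 203.0.113.12 are constructed public addresses, and PublicIP1 / PublicIP2 are the remote hosts from the question.

```cisco
: Added example. Interface names and 203.0.113.x addresses are assumptions;
: substitute the real public addresses agreed with the remote site.

: 1. One-to-one static NAT for each private host.
static (inside,outside2) 203.0.113.11 192.168.1.1 netmask 255.255.255.255
static (inside,outside2) 203.0.113.12 192.168.1.2 netmask 255.255.255.255

: 2. Extend the existing crypto ACL with the TRANSLATED (public) source.
:    On outbound traffic the PIX applies NAT before it evaluates the
:    crypto map, so the private address never matches here.
access-list ipsectraffic_boston permit ip host 203.0.113.11 host PublicIP1
access-list ipsectraffic_boston permit ip host 203.0.113.12 host PublicIP2

: 3. Do NOT add 192.168.1.1 / 192.168.1.2 to outside2_outbound_nat0_acl.
:    NAT exemption (nat 0 access-list) is evaluated before static NAT, so an
:    entry there would send the private source address into the tunnel.

: 4. The existing "crypto map mymap 305" lines stay unchanged; the same
:    sequence number now covers both the un-NATed and the NATed hosts.
:    The remote peer must mirror the new ACL entries on its side.

: 5. Apply and verify. clear xlate drops existing translations, so
:    schedule it accordingly.
clear xlate
show xlate
show access-list ipsectraffic_boston
show crypto ipsec sa
```

In the `show crypto ipsec sa` output, the local ident of the new SAs should list the 203.0.113.x addresses, never 192.168.1.x; a private address there means the traffic is matching the NAT exemption ACL.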