06-10-2010 01:13 PM - edited 02-21-2020 04:41 PM
On a PIX 515 6.3(5) I currently have an IPSec VPN configured with no-nat, using all public IPs internally and on the remote. Can I add two hosts to the encryption domain that have private IPs and NAT them to the public IP in the same crypto map? What commands would be involved in this?
Current config:
-------
access-list ipsectraffic_boston permit ip host PublicIP11 host PublicIP1
access-list ipsectraffic_boston permit ip host PublicIP22 host PublicIP2
access-list outside2_outbound_nat0_acl permit ip host PublicIP host PublicIP
crypto map mymap 305 match address ipsectraffic_boston
crypto map mymap 305 set peer IPAdd.
crypto map mymap 305 set transform-set ESP-3DES-SHA
crypto map mymap 305 set security-association lifetime seconds 86400 kilobytes 4608000
---------
I'd like to add two private IPs to the "access-list ipsectraffic_boston" and have them NAT to a public IP, as the remote site is requesting I NOT use private IPs. Doing this would save the effort of adding a public IP to my internal host.
Thanks,
Dan
06-10-2010 01:18 PM
Hi,
If, for example, you have an internal host 192.168.1.1 and you want to NAT it to public IP 200.1.1.1, you can do a static NAT:
static (in,out) 200.1.1.1 192.168.1.1
And include the 200.1.1.1 in the crypto ACL.
Federico.
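The approach in the answer above, written out for two hosts as an added example that is not part of the original thread. The interface names `inside` and `outside`, the second mapping (192.168.1.2 to 200.1.1.2), and the pairing with remote host `PublicIP1` are assumptions; `PublicIP1` is the placeholder from the original config.

```text
: Assumed interface names: inside / outside (substitute your own nameif names).
: 192.168.1.2 -> 200.1.1.2 is a constructed second mapping next to the one in the answer.
static (inside,outside) 200.1.1.1 192.168.1.1 netmask 255.255.255.255
static (inside,outside) 200.1.1.2 192.168.1.2 netmask 255.255.255.255

: Outbound traffic is translated before it is checked against the crypto ACL,
: so the ACL lists the translated (public) addresses, never the private ones.
access-list ipsectraffic_boston permit ip host 200.1.1.1 host PublicIP1
access-list ipsectraffic_boston permit ip host 200.1.1.2 host PublicIP1

: Do not add the private hosts to outside2_outbound_nat0_acl: NAT exemption
: takes precedence over the static entries and the packets would leave
: untranslated, missing the crypto ACL.

: Verify the translations and that the new SAs carry traffic.
clear xlate
show xlate
show crypto ipsec sa
```

The remote peer has to mirror the two new entries in its own crypto ACL, otherwise the proxy identities will not match and the SAs for those hosts will not come up.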
06-10-2010 02:39 PM
Federico,
Seems straightforward. Thanks.
Dan